emacs-circe / circe

Circe, a Client for IRC in Emacs
GNU General Public License v3.0

Remove OpenSSL's s_client fallback #315

Closed wasamasa closed 4 years ago

wasamasa commented 7 years ago

It has been argued in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766397 that OpenSSL's s_client command should not be used for anything other than debugging. As I've witnessed several cases of people who didn't have GnuTLS installed and therefore used OpenSSL as a fallback not being able to tell why their IRC connection failed silently, I'd prefer supporting GnuTLS only and getting an error if it wasn't found.

jorgenschaefer commented 7 years ago

From said thread:

"s_client is a debug tool, it does not set up a secure connection, it ignores all errors and just continues."

This is incorrect. s_client throws an error when it can't verify a certificate.

The correct fix would be for Circe to use the built-in TLS support, not openssl or gnutls at all. But then, I'm not sure what CA list the built-in TLS implementation uses.

wasamasa commented 4 years ago

Obsoleted thanks to #377 for Emacs 26.1 and above