Closed wasamasa closed 4 years ago
From said thread:
s_client is a debug tool, it does not set up a secure connection, it ignores all errors and just continues.
This is incorrect. s_client
throws an error when it can't verify a certificate.
The correct fix would be for Circe to use the built-in TLS support, not openssl or gnutls at all. But then, I'm not sure what CA list the built-in TLS implementation uses.
Obsoleted thanks to #377 for Emacs 26.1 and above
It has been argued in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766397 that OpenSSL's
s_client
command should not be used for anything else than debugging. As I've witnessed several cases of people who didn't have GnuTLS installed and therefore used OpenSSL as fallback not being able to tell why their IRC connection failed silently I'd prefer supporting GnuTLS only and get an error if it wasn't found.