summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorAlan Pearce2015-11-13 10:02:41 +0100
committerAlan Pearce2015-11-13 10:02:41 +0100
commitfd9734e7eaac3749a2a0ae3f7e47f34515070866 (patch)
treeaa36c99907ee1f713f402e71d914de99b0d76e6a
parent43d0e86610038d4b73a1675deabe02498b093e17 (diff)
downloaddotfiles-fd9734e7eaac3749a2a0ae3f7e47f34515070866.tar.lz
dotfiles-fd9734e7eaac3749a2a0ae3f7e47f34515070866.tar.zst
dotfiles-fd9734e7eaac3749a2a0ae3f7e47f34515070866.zip
Emacs: Improve TLS security
-rw-r--r--tag-emacs/emacs.d/init.org13
1 files changed, 13 insertions, 0 deletions
diff --git a/tag-emacs/emacs.d/init.org b/tag-emacs/emacs.d/init.org
index 2673002..ab2a087 100644
--- a/tag-emacs/emacs.d/init.org
+++ b/tag-emacs/emacs.d/init.org
@@ -64,6 +64,19 @@ cask update
 ** Req-package
 
 #+BEGIN_SRC emacs-lisp
+  (let ((trustfile
+         (replace-regexp-in-string
+          "\\\\" "/"
+          (replace-regexp-in-string
+           "\n" ""
+           (shell-command-to-string "python -m certifi")))))
+    (setq tls-checktrust t
+          tls-program
+          (list
+           (format "gnutls-cli%s --x509cafile %s -p %%p %%h"
+                   (if (eq window-system 'w32) ".exe" "") trustfile)))
+    (setq gnutls-verify-error t)
+    (setq gnutls-trustfiles (list trustfile)))
   (eval-and-compile
     (setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/")
                              ("marmalade" . "https://marmalade-repo.org/packages/")