https://bugzilla.redhat.com/show_bug.cgi?id=2182151

--- Comment #60 from Chuck Lever <chuck.lever@xxxxxxxxxx> ---
(In reply to Daiki Ueno from comment #59)
> At first glance, the certificate verification looks good to me, except that
> I'm unsure what HANDSHAKE_AUTH_UNAUTH actually means: is it a certificate
> authentication without checking the result, or actual anonymous
> authentication that can be done with the gnutls_anon_* API? If the answer is
> the former, we might want to disable it by default.

The point of the "anon" authentication type is to use x.509 but only require that the client authenticate the server. The client then does not need an x.509 certificate -- it's one way to enable a private connection without needing to distribute authentication material to perhaps many thousands of clients.

The use of this mode is controlled by the administrators of both the client and server -- they can require encryption and/or authentication before the client is permitted access to the server's data, or allow the use of encryption if it's available on both sides.

I would rather allow administrators to control whether this option is available.