| author | Ted Zlatanov | 2015-01-15 09:41:58 -0500 |
|---|---|---|
| committer | Ted Zlatanov | 2015-01-15 09:41:58 -0500 |
| commit | 3b7eed4ebb3c18799ec791d0c6bd53c019f48f73 (patch) | |
| tree | e740384f279b80c6f3330a97d51d48023a66125b | |
| parent | 0e97c44c3699c4606a04f589828acdf9c03f447e (diff) | |
| download | emacs-3b7eed4ebb3c18799ec791d0c6bd53c019f48f73.tar.gz emacs-3b7eed4ebb3c18799ec791d0c6bd53c019f48f73.zip | |
Flag :unknown-ca and :self-signed SSL certs (Bug#19404)
Fixes: debbugs:19404
* gnutls.c (init_gnutls_functions): Import gnutls_x509_crt_check_issuer.
(Fgnutls_peer_status): Use it to set the :self-signed flag.
Rename the previous :self-signed to :unknown-ca.
(Fgnutls_peer_status_warning_describe): Explain :unknown-ca flag.
| -rw-r--r-- | src/ChangeLog | 7 | ||||
| -rw-r--r-- | src/gnutls.c | 17 |
2 files changed, 23 insertions, 1 deletions
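--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,10 @@
+2015-01-15  Teodor Zlatanov  <tzz@lifelogs.com>
+
+	* gnutls.c (init_gnutls_functions): Import gnutls_x509_crt_check_issuer.
+	(Fgnutls_peer_status): Use it to set the :self-signed flag.
+	Rename the previous :self-signed to :unknown-ca.  (Bug#19404)
+	(Fgnutls_peer_status_warning_describe): Explain :unknown-ca flag.
+
 2015-01-14  Eli Zaretskii  <eliz@gnu.org>
 
 	* w32fns.c (w32_wnd_proc): Ignore MENUITEMINFO's dwItemData data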
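--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -122,6 +122,8 @@ DEF_DLL_FN (void, gnutls_transport_set_push_function,
 	    (gnutls_session_t, gnutls_push_func));
 DEF_DLL_FN (int, gnutls_x509_crt_check_hostname,
 	    (gnutls_x509_crt_t, const char *));
+DEF_DLL_FN (int, gnutls_x509_crt_check_issuer,
+	    (gnutls_x509_crt_t, gnutls_x509_crt_t));
 DEF_DLL_FN (void, gnutls_x509_crt_deinit, (gnutls_x509_crt_t));
 DEF_DLL_FN (int, gnutls_x509_crt_import,
 	    (gnutls_x509_crt_t, const gnutls_datum_t *,
@@ -236,6 +238,7 @@ init_gnutls_functions (void)
   LOAD_DLL_FN (library, gnutls_transport_set_pull_function);
   LOAD_DLL_FN (library, gnutls_transport_set_push_function);
   LOAD_DLL_FN (library, gnutls_x509_crt_check_hostname);
+  LOAD_DLL_FN (library, gnutls_x509_crt_check_issuer);
   LOAD_DLL_FN (library, gnutls_x509_crt_deinit);
   LOAD_DLL_FN (library, gnutls_x509_crt_import);
   LOAD_DLL_FN (library, gnutls_x509_crt_init);
@@ -329,6 +332,7 @@ init_gnutls_functions (void)
 # define gnutls_transport_set_pull_function fn_gnutls_transport_set_pull_function
 # define gnutls_transport_set_push_function fn_gnutls_transport_set_push_function
 # define gnutls_x509_crt_check_hostname fn_gnutls_x509_crt_check_hostname
+# define gnutls_x509_crt_check_issuer fn_gnutls_x509_crt_check_issuer
 # define gnutls_x509_crt_deinit fn_gnutls_x509_crt_deinit
 # define gnutls_x509_crt_get_activation_time fn_gnutls_x509_crt_get_activation_time
 # define gnutls_x509_crt_get_dn fn_gnutls_x509_crt_get_dn
@@ -982,6 +986,10 @@ DEFUN ("gnutls-peer-status-warning-describe", Fgnutls_peer_status_warning_descri
   if (EQ (status_symbol, intern (":self-signed")))
     return build_string ("certificate signer was not found (self-signed)");
 
+  if (EQ (status_symbol, intern (":unknown-ca")))
+    return build_string ("the certificate was signed by an unknown "
+			 "and therefore untrusted authority");
+
   if (EQ (status_symbol, intern (":not-ca")))
     return build_string ("certificate signer is not a CA");
 
@@ -1026,7 +1034,7 @@ The return value is a property list with top-level keys :warnings and
     warnings = Fcons (intern (":revoked"), warnings);
 
   if (verification & GNUTLS_CERT_SIGNER_NOT_FOUND)
-    warnings = Fcons (intern (":self-signed"), warnings);
+    warnings = Fcons (intern (":unknown-ca"), warnings);
 
   if (verification & GNUTLS_CERT_SIGNER_NOT_CA)
     warnings = Fcons (intern (":not-ca"), warnings);
@@ -1044,6 +1052,13 @@ The return value is a property list with top-level keys :warnings and
 	  CERTIFICATE_NOT_MATCHING)
     warnings = Fcons (intern (":no-host-match"), warnings);
 
+  /* This could get called in the INIT stage, when the certificate is
+     not yet set. */
+  if (XPROCESS (proc)->gnutls_certificate != NULL &&
+      gnutls_x509_crt_check_issuer(XPROCESS (proc)->gnutls_certificate,
+				   XPROCESS (proc)->gnutls_certificate))
+    warnings = Fcons (intern (":self-signed"), warnings);
+
   if (!NILP (warnings))
     result = list2 (intern (":warnings"), warnings);
 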
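Review bot: The description returned for `:self-signed` at new lines 986-987 still reads "certificate signer was not found (self-signed)", but after this commit that condition (GNUTLS_CERT_SIGNER_NOT_FOUND) is reported as `:unknown-ca`, while `:self-signed` is now derived from gnutls_x509_crt_check_issuer applied to the certificate against itself, so the string describes the wrong flag; I would change it to `return build_string ("the certificate is self-signed");` so the two warnings read distinctly. In the last hunk the new check appears to test only that the certificate names itself as issuer (DN / key-identifier match), not that its self-signature verifies, so a comment such as `/* Issuer matches subject; signature validity is reported via the verification bits above.  */` above the `if` would keep readers from treating the flag as a verification result. A peer presenting a self-signed certificate that is itself in the trust list would presumably still receive `:self-signed` here, since this check does not consult `verification` at all; worth confirming that is the intended behaviour for callers that act on the warnings list. Minor style: `gnutls_x509_crt_check_issuer(` lacks the space before `(` used everywhere else in this file, and GNU style puts the `&&` at the start of the continuation line rather than the end.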