| author | Paul Eggert | 2019-08-23 11:50:40 -0700 |
|---|---|---|
| committer | Paul Eggert | 2019-08-23 11:52:03 -0700 |
| commit | 80376945952943888bb34c7d4ea06972e422eca7 (patch) | |
| tree | 1fab93d6937a12c331c4675b57a074981d4c081c | |
| parent | c5210fd00af7c3e261a52864e799e16ed6a1b165 (diff) | |
Tweak gnutls-peer-status reporting
* src/gnutls.c (Fgnutls_peer_status): Report :compression and
:encrypt-then-mac only if the underlying GnuTLS library has
the corresponding features. This gives the Elisp caller a bit
more information about the peer status.
* lisp/net/nsm.el (nsm-protocol-check--compression):
Don’t worry about compression in newer GnuTLS versions
that do not support compression.
| -rw-r--r-- | lisp/net/nsm.el | 3 | ||||
| -rw-r--r-- | src/gnutls.c | 16 |
2 files changed, 9 insertions, 10 deletions
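--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -692,7 +692,8 @@ Sheffer, Holz, Saint-Andre (May 2015). \"Recommendations for Secure
 Use of Transport Layer Security (TLS) and Datagram Transport Layer
 Security (DTLS)\", `https://tools.ietf.org/html/rfc7525'"
 (let ((compression (plist-get status :compression)))
-(and (string-match "^\\bDEFLATE\\b" compression)
+(and compression
+(string-match "^\\bDEFLATE\\b" compression)
 (format-message
 "compression method (%s) may lead to leakage of sensitive information"
 compression))))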
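Review bot: The new `(and compression ...)` guard makes this check pass silently whenever `:compression` is missing from the status plist, so a missing key is treated the same as a session that negotiated no compression. That matches the commit's intent for GnuTLS builds without a compression API, but nothing at the guard records it. I would add a comment above the `and`, for example `;; :compression is absent when GnuTLS has no compression support; nothing to warn about then.` The enclosing function starts above the hunk, so I cannot tell whether its docstring already covers the nil case.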
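--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -1493,20 +1493,18 @@ returned as the :certificate entry. */)
 
 /* Compression name. */
 #ifdef HAVE_GNUTLS_COMPRESSION_GET
-Lisp_Object compression = build_string (gnutls_compression_get_name
-(gnutls_compression_get (state)));
-#else
-Lisp_Object compression = build_string ("NULL");
+result = nconc2
+(result, list2 (intern (":compression"),
+build_string (gnutls_compression_get_name
+(gnutls_compression_get (state)))));
 #endif
-result = nconc2 (result, list2 (intern (":compression"), compression));
 
 /* Encrypt-then-MAC. */
-Lisp_Object etm_status = Qnil;
 #ifdef HAVE_GNUTLS_ETM_STATUS
-if (gnutls_session_etm_status (state))
-etm_status = Qt;
+result = nconc2
+(result, list2 (intern (":encrypt-then-mac"),
+gnutls_session_etm_status (state) ? Qt : Qnil));
 #endif
-result = nconc2 (result, list2 (intern (":encrypt-then-mac"), etm_status));
 
 /* Renegotiation Indication */
 result = nconc2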
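Review bot: With `:encrypt-then-mac` now omitted when `HAVE_GNUTLS_ETM_STATUS` is undefined, a Lisp caller using `plist-get` gets nil both when EtM was not negotiated and when the library cannot report it; only `plist-member` tells the two apart. The same applies to `:compression`, which was previously the string "NULL" on builds without `HAVE_GNUTLS_COMPRESSION_GET`. The function's docstring lies outside the hunk and, going by the diffstat, is not changed by this commit, so I would state there that both keys appear only when the linked GnuTLS supports the feature. At the EtM block I would add `/* Key is omitted, not nil, when GnuTLS cannot report EtM; callers use plist-member to detect that. */`. The body of Fgnutls_peer_status starts and ends outside the hunk.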