authorLars Magne Ingebrigtsen2014-12-08 22:40:57 +0100
committerLars Magne Ingebrigtsen2014-12-08 22:40:57 +0100
commitbe6767d59b9f984ee28d444aada0ecdd0245ec6e (patch)
tree2f4226b38ea93fb3d02772937266267f0cf8ed5e
parent7befee11a8f114c43614ad20c3d470e202deb8dc (diff)
Make the NSM prompting have more data
(nsm-format-certificate): Include more data about the connection. (nsm-query): Fill the text so that it looks nicer.
-rw-r--r--lisp/ChangeLog2
-rw-r--r--lisp/net/nsm.el30
2 files changed, 25 insertions, 7 deletions
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 696a42b6b1c..c109bc7cab6 100644
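--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,6 +1,8 @@
 2014-12-08 Lars Magne Ingebrigtsen <larsi@gnus.org>
 
 * net/nsm.el (nsm-check-protocol): Test for RC4 on `high'.
+(nsm-format-certificate): Include more data about the connection.
+(nsm-query): Fill the text to that it looks nicer.
 
 2014-12-08 Stefan Monnier <monnier@iro.umontreal.ca>
 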
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index 16e07ff088c..d1de1288ca6 100644
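--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -164,7 +164,7 @@ unencrypted."
 (if (and (not (nsm-warnings-ok-p status settings))
 (not (nsm-query
 host port status 'conditions
-"The TLS connection to %s:%s is insecure\nfor the following reason%s:\n\n%s"
+"The TLS connection to %s:%s is insecure for the following reason%s:\n\n%s"
 host port
 (if (> (length warnings) 1)
 "s" "")
@@ -190,7 +190,7 @@ unencrypted."
 (not
 (nsm-query
 host port status :diffie-hellman-prime-bits
-"The Diffie-Hellman prime bits (%s) used for this connection to\n%s:%s\nis less than what is considered safe (%s)."
+"The Diffie-Hellman prime bits (%s) used for this connection to %s:%s is less than what is considered safe (%s)."
 prime-bits host port 1024)))
 (delete-process process)
 nil)
@@ -200,7 +200,9 @@ unencrypted."
 (nsm-query
 host port status :rc4
 "The connection to %s:%s uses the RC4 algorithm (%s), which is believed to be unsafe."
-host port encryption))))
+host port encryption)))
+(delete-process process)
+nil)
 (t
 process))))
 
@@ -217,7 +219,7 @@ unencrypted."
 (setq did-query
 (nsm-query
 host port status 'fingerprint
-"The fingerprint for the connection to %s:%s has changed from\n%s to\n%s"
+"The fingerprint for the connection to %s:%s has changed from %s to %s"
 host port
 (plist-get settings :fingerprint)
 (nsm-fingerprint status)))))
@@ -232,7 +234,7 @@ unencrypted."
 (defun nsm-new-fingerprint-ok-p (host port status)
 (nsm-query
 host port status 'fingerprint
-"The fingerprint for the connection to %s:%s is new:\n%s"
+"The fingerprint for the connection to %s:%s is new: %s"
 host port
 (nsm-fingerprint status)))
 
@@ -246,7 +248,7 @@ unencrypted."
 (not
 (nsm-query
 host port nil 'conditions
-"The connection to %s:%s used to be an encrypted\nconnection, but is now unencrypted. This might mean that there's a\nman-in-the-middle tapping this connection."
+"The connection to %s:%s used to be an encrypted connection, but is now unencrypted. This might mean that there's a man-in-the-middle tapping this connection."
 host port)))
 (delete-process process)
 nil)
@@ -285,7 +287,12 @@ unencrypted."
 (erase-buffer)
 (when (> (length cert) 0)
 (insert cert "\n"))
-(insert (apply 'format message args))))
+(let ((start (point)))
+(insert (apply 'format message args))
+(goto-char start)
+;; Fill the first line of the message, which usually
+;; contains lots of explanatory text.
+(fill-region (point) (line-end-position)))))
 (let ((responses '((?n . no)
 (?s . session)
 (?a . always)))
@@ -418,6 +425,15 @@ unencrypted."
 (insert
 "Public key:" (plist-get cert :public-key-algorithm)
 ", signature: " (plist-get cert :signature-algorithm) "\n"))
+(when (and (plist-get status :key-exchange)
+(plist-get status :cipher)
+(plist-get status :mac)
+(plist-get status :protocol))
+(insert
+"Protocol:" (plist-get status :protocol)
+", key: " (plist-get status :key-exchange)
+", cipher: " (plist-get status :cipher)
+", mac: " (plist-get status :mac) "\n"))
 (when (plist-get cert :certificate-security-level)
 (insert
 "Security level:"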
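Review bot: In the two fingerprint prompts (new lines 222 and 237 of nsm.el), dropping the `\n` separators places the stored and the presented fingerprint inside one filled paragraph, so where each value lands on screen presumably depends on the fill column and the length of the host name. This is the prompt where the user has to compare two values by eye before accepting a changed key, so each fingerprint is better kept on a line of its own. The new `fill-region` call in `nsm-query` only fills up to the first line end, so the explanatory sentence can still be wrapped with a format such as `"The fingerprint for the connection to %s:%s has changed from\n%s\nto\n%s"`, and likewise `"... is new:\n%s"` in `nsm-new-fingerprint-ok-p`. The function containing the "has changed" call starts outside the hunk shown.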