emacs-diffs

[Emacs-diffs] nsm 04/04: Make all TLS/STARTTLS connections go through th


From: Lars Ingebrigtsen
Subject: [Emacs-diffs] nsm 04/04: Make all TLS/STARTTLS connections go through the security manager
Date: Tue, 18 Nov 2014 14:33:22 +0000

branch: nsm
commit 180eaaf94d5716208afb8820fa093c4a49034c06
Author: Lars Magne Ingebrigtsen <address@hidden>
Date:   Tue Nov 18 15:32:47 2014 +0100

    Make all TLS/STARTTLS connections go through the security manager
    
    * net/network-stream.el (network-stream-open-starttls): Use the
    network security manager.
    (network-stream-open-tls): Ditto.
---
 lisp/ChangeLog             |    6 ++++++
 lisp/net/network-stream.el |    8 ++++++++
 2 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 214f6d9..293ffae 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,9 @@
+2014-11-18  Lars Magne Ingebrigtsen  <address@hidden>
+
+       * net/network-stream.el (network-stream-open-starttls): Use the
+       network security manager.
+       (network-stream-open-tls): Ditto.
+
 2014-11-17  Lars Magne Ingebrigtsen  <address@hidden>
 
        * net/nsm.el: New file to provide network security management.
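Review bot: The new ChangeLog entry says only "Use the network security manager" for both functions and does not record that the check is conditional. In the network-stream.el hunks the calls are guarded by builtin-starttls and use-builtin-gnutls, so connections made through the external starttls or tls.el programs are not verified. Suggest stating that restriction in the entry so it does not read as covering every TLS/STARTTLS path.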
diff --git a/lisp/net/network-stream.el b/lisp/net/network-stream.el
index 28e9d0c..0310b22 100644
--- a/lisp/net/network-stream.el
+++ b/lisp/net/network-stream.el
@@ -45,6 +45,7 @@
 (require 'tls)
 (require 'starttls)
 (require 'auth-source)
+(require 'nsm)
 
 (autoload 'gnutls-negotiate "gnutls")
 (autoload 'open-gnutls-stream "gnutls")
@@ -319,6 +320,10 @@ a greeting from the server.
                        "' program was found"))))
       (delete-process stream)
       (setq stream nil))
+    ;; Check certificate validity etc.
+    (when builtin-starttls
+      (setq stream (nsm-verify-connection stream host service
+                                         (eq resulting-type 'tls))))
     ;; Return value:
     (list stream greeting capabilities resulting-type error)))
 
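Review bot: The added (when builtin-starttls ...) form does not check that stream is non-nil before calling nsm-verify-connection, although the context lines just above it end with (delete-process stream) followed by (setq stream nil). The matching change in network-stream-open-tls guards with (and use-builtin-gnutls stream); suggest the same here, i.e. (when (and builtin-starttls stream) ...), unless nsm-verify-connection is documented to accept a nil process. The comment "Check certificate validity etc." could also say what the fourth argument, (eq resulting-type 'tls), tells the security manager, since the call in the TLS hunk passes only three arguments.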
@@ -352,6 +357,9 @@ a greeting from the server.
                       'open-tls-stream)
                     name buffer host service))
           (eoc (plist-get parameters :end-of-command)))
+      ;; Check certificate validity etc.
+      (when (and use-builtin-gnutls stream)
+       (setq stream (nsm-verify-connection stream host service)))
       (if (null stream)
          (list nil nil nil 'plain)
        ;; If we're using tls.el, we have to delete the output from
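Review bot: The result of nsm-verify-connection is assigned to stream and then falls into the existing (if (null stream) branch, so if the security manager returns nil for a rejected connection the caller receives (list nil nil nil 'plain), the same value as for a connection that never opened. Suggest a comment or docstring line saying that a nil stream here can mean the certificate check failed, so callers do not treat it as a plain connect failure. Note also that the guard on use-builtin-gnutls leaves the open-tls-stream (tls.el) path unchecked, which is worth stating next to the guard.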


