From: Lars Ingebrigtsen
Subject: [Emacs-diffs] nsm 04/04: Make all TLS/STARTTLS connections go through the security manager
Date: Tue, 18 Nov 2014 14:33:22 +0000
branch: nsm
commit 180eaaf94d5716208afb8820fa093c4a49034c06
Author: Lars Magne Ingebrigtsen <address@hidden>
Date: Tue Nov 18 15:32:47 2014 +0100
Make all TLS/STARTTLS connections go through the security manager
* net/network-stream.el (network-stream-open-starttls): Use the
network security manager.
(network-stream-open-tls): Ditto.
---
lisp/ChangeLog | 6 ++++++
lisp/net/network-stream.el | 8 ++++++++
2 files changed, 14 insertions(+), 0 deletions(-)
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 214f6d9..293ffae 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,9 @@
+2014-11-18 Lars Magne Ingebrigtsen <address@hidden>
+
+ * net/network-stream.el (network-stream-open-starttls): Use the
+ network security manager.
+ (network-stream-open-tls): Ditto.
+
2014-11-17 Lars Magne Ingebrigtsen <address@hidden>
* net/nsm.el: New file to provide network security management.
diff --git a/lisp/net/network-stream.el b/lisp/net/network-stream.el
index 28e9d0c..0310b22 100644
--- a/lisp/net/network-stream.el
+++ b/lisp/net/network-stream.el
@@ -45,6 +45,7 @@
(require 'tls)
(require 'starttls)
(require 'auth-source)
+(require 'nsm)
(autoload 'gnutls-negotiate "gnutls")
(autoload 'open-gnutls-stream "gnutls")
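Review bot: The unconditional `(require 'nsm)` at the top of the file loads nsm.el for every user of network-stream.el, including callers that only ever open plain connections. The two lines right below it autoload the gnutls entry points instead; consider `(autoload 'nsm-verify-connection "nsm")` to match, since in this patch the function is only called on the built-in TLS paths.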
@@ -319,6 +320,10 @@ a greeting from the server.
"' program was found"))))
(delete-process stream)
(setq stream nil))
+ ;; Check certificate validity etc.
+ (when builtin-starttls
+ (setq stream (nsm-verify-connection stream host service
+ (eq resulting-type 'tls))))
;; Return value:
(list stream greeting capabilities resulting-type error)))
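Review bot: In the STARTTLS hunk, `nsm-verify-connection` is called whenever `builtin-starttls` is set, but the context lines just above it run `(delete-process stream)` and `(setq stream nil)`, so `stream` can be nil at this point. The TLS hunk further down guards with `(and use-builtin-gnutls stream)`; use `(when (and builtin-starttls stream) ...)` here as well. Also, if verification hands back nil, the returned list still carries the earlier `greeting`, `capabilities` and `resulting-type`, so it is worth confirming that callers only look at `stream` in that case.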
@@ -352,6 +357,9 @@ a greeting from the server.
'open-tls-stream)
name buffer host service))
(eoc (plist-get parameters :end-of-command)))
+ ;; Check certificate validity etc.
+ (when (and use-builtin-gnutls stream)
+ (setq stream (nsm-verify-connection stream host service)))
(if (null stream)
(list nil nil nil 'plain)
;; If we're using tls.el, we have to delete the output from
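Review bot: The check in `network-stream-open-tls` is gated on `use-builtin-gnutls`, so a stream opened through `open-tls-stream` (the tls.el path that the following comment refers to) is never passed to `nsm-verify-connection`; the STARTTLS hunk has the same gap when `builtin-starttls` is nil. That does not match the commit subject, which says all TLS/STARTTLS connections go through the security manager. Either extend verification to those paths, or state in the ChangeLog entry and in a code comment that only built-in GnuTLS connections are covered.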