emacs-diffs

[Emacs-diffs] master 05/05: Rename `nsm-security-level' to `network-secu


From: Lars Ingebrigtsen
Subject: [Emacs-diffs] master 05/05: Rename `nsm-security-level' to `network-security-level'
Date: Sun, 23 Nov 2014 14:14:37 +0000

branch: master
commit b10d90066338c88a371fef1b59e2f455a37a3ba2
Author: Lars Magne Ingebrigtsen <address@hidden>
Date:   Sun Nov 23 15:13:13 2014 +0100

    Rename `nsm-security-level' to `network-security-level'
    
    * net/nsm.el (network-security-level): Rename from
    `nsm-security-level' and documented.
---
 doc/lispref/processes.texi |    4 ++--
 lisp/ChangeLog             |    3 +++
 lisp/net/nsm.el            |   39 +++++++++++++++++++++++++++++++--------
 3 files changed, 36 insertions(+), 10 deletions(-)

diff --git a/doc/lispref/processes.texi b/doc/lispref/processes.texi
index 48429e6..3c9da5c 100644
--- a/doc/lispref/processes.texi
+++ b/doc/lispref/processes.texi
@@ -2088,8 +2088,8 @@ entirely.
 If the connection is unencrypted, but it was encrypted in previous
 sessions, the user will also be notified about this.
 
address@hidden nsm-security-level
-The @code{nsm-security-level} variable determines the security level.
address@hidden network-security-level
+The @code{network-security-level} variable determines the security level.
 If this is @code{low}, no security checks are performed.
 
 
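Review bot: The paragraph under the renamed variable entry still describes only the `low` value, while the docstring added to lisp/net/nsm.el in this same commit also defines `medium`, `high` and `paranoid`. Consider listing all four levels here, or pointing the reader at the variable's docstring, and stating the default so that the manual and the defcustom agree.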
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 34ac2d3..b4e5b79 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,5 +1,8 @@
 2014-11-23  Lars Magne Ingebrigtsen  <address@hidden>
 
+       * net/nsm.el (network-security-level): Rename from
+       `nsm-security-level' and documented.
+
        * mail/smtpmail.el (smtpmail-via-smtp): Warn unless encrypted and
        we're sending a password.
 
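Review bot: The new entry records only the rename and the documentation, but the nsm.el part of this commit also changes the defcustom default from `'medium` to `'low`. That is a behaviour change and deserves its own clause in the entry, or should be dropped from the commit if it was not intended. Minor: "and documented" would read better as "and document it".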
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index f51201a..fdbcd13 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -34,8 +34,31 @@
   :version "25.1"
   :group 'comm)
 
-(defcustom nsm-security-level 'medium
-  "How secure the network should be."
+(defcustom network-security-level 'low
+  "How secure the network should be.
+If a potential problem with the security of the network
+connection is found, the user is asked to give input into how the
+connection should be handled.
+
+The following values are possible:
+
+`low': Absolutely no checks are performed.
+
+`medium': This is the default level, and the following things will
+be prompted for.
+
+* invalid, self-signed or otherwise unverifiable certificates
+* whether a previously accepted unverifiable certificate has changed
+* when a connection that was previously protected by STARTTLS is
+  now unencrypted
+
+`high': In addition to the above.
+
+* any certificate that changes its public key
+
+`paranoid': In addition to the above.
+
+* any new certificate that you haven't seen before"
   :version "25.1"
   :group 'nsm
   :type '(choice (const :tag "Low" low)
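Review bot: The default on the `defcustom` line changes from `'medium` to `'low`, yet the new docstring says "`medium': This is the default level" and describes `low` as "Absolutely no checks are performed". As written, a commit titled as a rename turns off all checks by default and the docstring misstates the default. Either keep `'medium` as the default, or correct the docstring and call the change out in the commit message.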
@@ -80,7 +103,7 @@ to keep track of the TLS status of STARTTLS servers.
 
 If WARN-UNENCRYPTED, query the user if the connection is
 unencrypted."
-  (if (eq nsm-security-level 'low)
+  (if (eq network-security-level 'low)
       process
     (let* ((status (gnutls-peer-status process))
           (id (nsm-id host port))
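Review bot: The `(eq network-security-level 'low)` branch returns `process` before WARN-UNENCRYPTED is consulted, so at `low` the docstring sentence "If WARN-UNENCRYPTED, query the user if the connection is unencrypted" does not hold. With `low` becoming the default in this commit, either state in the docstring that `low` overrides WARN-UNENCRYPTED or move that check ahead of the early return.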
@@ -108,21 +131,21 @@ unencrypted."
      ;; certificate pinning.
      ((null warnings)
       (cond
-       ((< (nsm-level nsm-security-level) (nsm-level 'high))
+       ((< (nsm-level network-security-level) (nsm-level 'high))
        process)
        ;; The certificate is fine, but if we're paranoid, we might
        ;; want to check whether it's changed anyway.
-       ((and (>= (nsm-level nsm-security-level) (nsm-level 'high))
+       ((and (>= (nsm-level network-security-level) (nsm-level 'high))
             (not (nsm-fingerprint-ok-p host port status settings)))
        (delete-process process)
        nil)
        ;; We haven't seen this before, and we're paranoid.
-       ((and (eq nsm-security-level 'paranoid)
+       ((and (eq network-security-level 'paranoid)
             (null settings)
             (not (nsm-new-fingerprint-ok-p host port status)))
        (delete-process process)
        nil)
-       ((>= (nsm-level nsm-security-level) (nsm-level 'high))
+       ((>= (nsm-level network-security-level) (nsm-level 'high))
        ;; Save the host fingerprint so that we can check it the
        ;; next time we connect.
        (nsm-save-host host port status 'fingerprint 'always)
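Review bot: In the `(null warnings)` cond, the first clause already returns for every level below `high`, so the `(>= (nsm-level network-security-level) (nsm-level 'high))` tests in the second and last clauses are always true when reached. Drop that test from the `and` and make the last clause `t`. The comment "if we're paranoid" above the second clause also does not match the level names, since that check runs at `high` and not only at `paranoid`.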
@@ -131,7 +154,7 @@ unencrypted."
        process)))
 
      ;; The certificate did not validate.
-     ((not (equal nsm-security-level 'low))
+     ((not (equal network-security-level 'low))
       ;; We always want to pin the certificate of invalid connections
       ;; to track man-in-the-middle or the like.
       (if (not (nsm-fingerprint-ok-p host port status settings))
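Review bot: `(not (equal network-security-level 'low))` compares symbols with `equal`, while the other comparisons in this patch use `eq`; use `eq` here for consistency. If this cond sits inside the else branch of the `(if (eq network-security-level 'low) ...)` shown in the earlier hunk, the test can never be false and could simply be `t`.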


