
[Emacs-diffs] master 3b7eed4: Flag :unknown-ca and :self-signed SSL cert


From: Teodor Zlatanov
Subject: [Emacs-diffs] master 3b7eed4: Flag :unknown-ca and :self-signed SSL certs (Bug#19404)
Date: Thu, 15 Jan 2015 14:42:10 +0000

branch: master
commit 3b7eed4ebb3c18799ec791d0c6bd53c019f48f73
Author: Ted Zlatanov <address@hidden>
Commit: Ted Zlatanov <address@hidden>

    Flag :unknown-ca and :self-signed SSL certs  (Bug#19404)
    
    Fixes: debbugs:19404
    
    * gnutls.c (init_gnutls_functions): Import gnutls_x509_crt_check_issuer.
    (Fgnutls_peer_status): Use it to set the :self-signed flag.
    Rename the previous :self-signed to :unknown-ca.
    (Fgnutls_peer_status_warning_describe): Explain :unknown-ca flag.
---
 src/ChangeLog |    7 +++++++
 src/gnutls.c  |   17 ++++++++++++++++-
 2 files changed, 23 insertions(+), 1 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index b2588f1..898c10a 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,10 @@
+2015-01-15  Teodor Zlatanov  <address@hidden>
+
+       * gnutls.c (init_gnutls_functions): Import gnutls_x509_crt_check_issuer.
+       (Fgnutls_peer_status): Use it to set the :self-signed flag.
+       Rename the previous :self-signed to :unknown-ca. (Bug#19404)
+       (Fgnutls_peer_status_warning_describe): Explain :unknown-ca flag.
+
 2015-01-14  Eli Zaretskii  <address@hidden>
 
        * w32fns.c (w32_wnd_proc): Ignore MENUITEMINFO's dwItemData data
diff --git a/src/gnutls.c b/src/gnutls.c
index 5e6c635..909542f 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -122,6 +122,8 @@ DEF_DLL_FN (void, gnutls_transport_set_push_function,
            (gnutls_session_t, gnutls_push_func));
 DEF_DLL_FN (int, gnutls_x509_crt_check_hostname,
            (gnutls_x509_crt_t, const char *));
+DEF_DLL_FN (int, gnutls_x509_crt_check_issuer,
+              (gnutls_x509_crt_t, gnutls_x509_crt_t));
 DEF_DLL_FN (void, gnutls_x509_crt_deinit, (gnutls_x509_crt_t));
 DEF_DLL_FN (int, gnutls_x509_crt_import,
            (gnutls_x509_crt_t, const gnutls_datum_t *,
@@ -236,6 +238,7 @@ init_gnutls_functions (void)
   LOAD_DLL_FN (library, gnutls_transport_set_pull_function);
   LOAD_DLL_FN (library, gnutls_transport_set_push_function);
   LOAD_DLL_FN (library, gnutls_x509_crt_check_hostname);
+  LOAD_DLL_FN (library, gnutls_x509_crt_check_issuer);
   LOAD_DLL_FN (library, gnutls_x509_crt_deinit);
   LOAD_DLL_FN (library, gnutls_x509_crt_import);
   LOAD_DLL_FN (library, gnutls_x509_crt_init);
@@ -329,6 +332,7 @@ init_gnutls_functions (void)
 # define gnutls_transport_set_pull_function 
fn_gnutls_transport_set_pull_function
 # define gnutls_transport_set_push_function 
fn_gnutls_transport_set_push_function
 # define gnutls_x509_crt_check_hostname fn_gnutls_x509_crt_check_hostname
+# define gnutls_x509_crt_check_issuer fn_gnutls_x509_crt_check_issuer
 # define gnutls_x509_crt_deinit fn_gnutls_x509_crt_deinit
 # define gnutls_x509_crt_get_activation_time 
fn_gnutls_x509_crt_get_activation_time
 # define gnutls_x509_crt_get_dn fn_gnutls_x509_crt_get_dn
@@ -982,6 +986,10 @@ DEFUN ("gnutls-peer-status-warning-describe", 
Fgnutls_peer_status_warning_descri
   if (EQ (status_symbol, intern (":self-signed")))
     return build_string ("certificate signer was not found (self-signed)");
 
+  if (EQ (status_symbol, intern (":unknown-ca")))
+    return build_string ("the certificate was signed by an unknown "
+                         "and therefore untrusted authority");
+
   if (EQ (status_symbol, intern (":not-ca")))
     return build_string ("certificate signer is not a CA");
 
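Review bot: The `:self-signed` description kept as context at the top of this hunk still reads "certificate signer was not found (self-signed)", which is exactly the meaning the commit moves to `:unknown-ca` (the -1034 hunk renames that warning, and the -1044 hunk now sets `:self-signed` from gnutls_x509_crt_check_issuer instead). After this change a user who asks Emacs to describe a `:self-signed` warning is told the signer was not found even when the chain verified against a trusted CA and the certificate merely issued itself. The string should describe the new condition, e.g. `return build_string ("the certificate is its own issuer (self-signed)");`. Fgnutls_peer_status_warning_describe begins and ends outside this hunk.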
@@ -1026,7 +1034,7 @@ The return value is a property list with top-level keys 
:warnings and
     warnings = Fcons (intern (":revoked"), warnings);
 
   if (verification & GNUTLS_CERT_SIGNER_NOT_FOUND)
-    warnings = Fcons (intern (":self-signed"), warnings);
+    warnings = Fcons (intern (":unknown-ca"), warnings);
 
   if (verification & GNUTLS_CERT_SIGNER_NOT_CA)
     warnings = Fcons (intern (":not-ca"), warnings);
@@ -1044,6 +1052,13 @@ The return value is a property list with top-level keys 
:warnings and
       CERTIFICATE_NOT_MATCHING)
     warnings = Fcons (intern (":no-host-match"), warnings);
 
+  /* This could get called in the INIT stage, when the certificate is
+     not yet set. */
+  if (XPROCESS (proc)->gnutls_certificate != NULL &&
+      gnutls_x509_crt_check_issuer(XPROCESS (proc)->gnutls_certificate,
+                                   XPROCESS (proc)->gnutls_certificate))
+    warnings = Fcons (intern (":self-signed"), warnings);
+
   if (!NILP (warnings))
     result = list2 (intern (":warnings"), warnings);
 
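Review bot: As GnuTLS documents it, gnutls_x509_crt_check_issuer compares the certificate's issuer name and authority key identifier with the subject and subject key identifier of the candidate issuer; it does not verify the signature, so calling it with the same certificate twice establishes that the certificate is self-issued, not that it was signed with its own key. Because `:self-signed` feeds a trust prompt, the comment above the call should state that limit, e.g. `/* Issuer fields match the subject: self-issued, reported as :self-signed.  The signature itself is not checked here; rely on VERIFICATION for that.  */`, so that callers keep using the `verification` flags for whether the chain actually verified. A minor style point: `gnutls_x509_crt_check_issuer(` omits the space before the parenthesis that the surrounding code uses (`Fcons (`, `XPROCESS (proc)`). Fgnutls_peer_status begins and ends outside this hunk.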


