- 23 Aug, 2019 5 commits
-
-
Paul Eggert authored
* src/gnutls.c (Fgnutls_peer_status): Report :compression and :encrypt-then-mac only if the underlying GnuTLS library has the corresponding features. This gives the Elisp caller a bit more information about the peer status. * lisp/net/nsm.el (nsm-protocol-check--compression): Don’t worry about compression in newer GnuTLS versions that do not support compression.
-
Lars Ingebrigtsen authored
* doc/emacs/misc.texi (Network Security): Start working on updating the NSM bits, but it's unclear how much of the new stuff to document. * lisp/net/nsm.el: Rename all nsm-tls-check-* functions to nsm-protocol-check--* to bring them back into line with the documentation. (network-security-protocol-checks): Renamed back again from `nsm-tls-checks', as this variable is documented and can't just go away.
-
Lars Ingebrigtsen authored
* lisp/net/nsm.el (network-security-level, nsm-tls-checks): Make `low' a "check nothing" setting again, and move all the `low' checks back to `medium'. This makes the test suite work again.
-
Lars Ingebrigtsen authored
* lisp/net/nsm.el: Fix some too-long lines and some terminology in the doc strings/comments.
-
Lars Ingebrigtsen authored
* lisp/net/nsm.el (nsm-parse-subject, nsm-certificate-part): Restore functions for parsing subjects. (nsm-format-certificate): Use them to display more user-friendly data. Also change the display to have fewer lines again so that the data of interest isn't pushed off the screen.
-
- 07 Aug, 2019 1 commit
-
-
Robert Pluim authored
* lisp/net/nsm.el (nsm-network-same-subnet): New function. Checks if an IP address is in the same subnet as another one. (nsm-should-check): Use nsm-network-same-subnet to see if we're connecting to a local subnet machine. Remove checks for RFC1918 addresses. * test/lisp/net/nsm-tests.el: New file. Test nsm-should-check functionality.
-
- 15 Jul, 2019 1 commit
-
-
Lars Ingebrigtsen authored
* lisp/net/nsm.el (nsm-check-certificate): `nsm-fingerprint-ok-p' will save the fingerprint in the correct temporary/permanent storage, so saving it once more (in the permanent storage) if the security level is high or greater is a mistake (bug#27823).
-
- 01 Jan, 2019 1 commit
-
-
Paul Eggert authored
Run 'TZ=UTC0 admin/update-copyright $(git ls-files)'.
-
- 17 Sep, 2018 1 commit
-
-
Allen Li authored
In various situations, the window displaying the certificate information can be hidden (such as if the user accidentally presses ?, which causes the read-multiple-choice help window to replace it). Instead of leaving the user to make a choice blindly, add a choice to reshow the certification information. * lisp/net/nsm.el (nsm-query-user): Add reshow choice.
-
- 10 Sep, 2018 1 commit
-
-
Glenn Morris authored
* lisp/thread.el, lisp/net/nsm.el, lisp/erc/erc.el: Don't require subr-x at runtime.
-
- 14 Jul, 2018 4 commits
-
-
Jimmy Yuen Ho Wong authored
CAs like Let's Encrypt do not put O and OU into the Subject's DN. Similarly, O and OU are often used to indicate Domain Validated or Organization Validation as opposed to the actual OU. Issuer CN often contains the issuer's server or as an indication of Extended Validation certificate as opposed to the actual issuer organization. The Hostname part as extracted from the Subject is also confusing, as in the case of a hostname mismatch, the Subject's CN, which `nsm-format-certificate' naively calls the Hostname, will not actually match the hostname in the problem preamble. * lisp/net/nsm.el (nsm-format-certificate): Show full DN of Issuer and Subject. Remove Hostname. (nsm-certificate-part, nsm-parse-subject): Removed.
-
Jimmy Yuen Ho Wong authored
* lisp/net/nsm.el (nsm-check-tls-connection): Fix issue with plural problems in message. Prefix every problem with a bullet. (nsm-query-user): Add new view the full certificate chain by pressing d. (nsm-format-certificate): Improve basic certificate and session info formatting. * src/gnutls.c (emacs_gnutls_certificate_export_pem): New function. (gnutls_certificate_details): Rename to emacs_gnutls_certificate_details. Add :pem to result list. (Fgnutls_format_certificate): New function for formatting a PEM to human-readable text.
-
Jimmy Yuen Ho Wong authored
* lisp/net/net-utils.el (nslookup-host-ipv4, nslookup-host-ipv6, ipv6-expand): New functions to lookup IPv4 and IPv6 addresses from DNS. * lisp/net/nsm.el (nsm-trust-local-network, nsm-should-check, nsm-check-tls-connection, nsm-check-plain-connection): New defcustom `nsm-trust-local-network' lets users customize whether NSM should check for TLS problems when connecting to the hosts on their local networks. `nsm-should-check' determines whether `nsm-check-tls-connection' and `nsm-check-plain-connection' should perform checks. localhost is implicitly trusted, thus checks are never performed there.
-
Jimmy Yuen Ho Wong authored
* lisp/net/nsm.el (network-security-level, nsm-level, nsm-new-fingerprint-ok-p): Remove `paranoid' level and related code. * lisp/net/nsm.el (nsm-tls-checks, nsm-tls-check-version, nsm-tls-check-compression, nsm-tls-check-renegotiation-info-ext, nsm-tls-check-verify-cert, nsm-tls-check-same-cert, nsm-tls-check-null-suite, nsm-tls-check-export-kx, nsm-tls-check-anon-kx, nsm-tls-check-md5-sig, nsm-tls-check-rc4-cipher, nsm-tls-check-dhe-prime-kx, nsm-tls-check-sha1-sig, nsm-tls-check-ecdsa-cbc-cipher nsm-tls-check-dhe-kx, nsm-tls-check-rsa-kx, nsm-tls-check-3des-cipher, nsm-tls-check-cbc-cipher, nsm-save-fingerprint-maybe, nsm-tls-post-check-functions): New options and functions for checking TLS handshake problems. * lisp/net/nsm.el (nsm-check-certificate, network-security-protocol-checks, nsm-protocol-check--diffie-hellman-prime-bits, nsm-protocol-check--3des, nsm-protocol-check--rc4, nsm-protocol-check--signature-sha1, nsm-protocol-check--intermediate-sha1, nsm-protocol-check--ssl, nsm-check-protocol): Remove in favor of `nsm-tls-checks' and `nsm-tls-check-*' functions. * lisp/net/nsm.el (nsm-verify-connection): Ensure connection is checked even when `network-security-level' is `low'. * lisp/net/nsm.el (nsm-check-tls-connection): Batch all problems found before querying the user. * lisp/net/nsm.el (nsm--encryption): Renamed to `nsm-cipher-suite'. * lisp/net/nsm.el (nsm-fingerprint-ok-p): No longer prompt when certificate fingerprints mismatch. Returns a boolean instead when the fingerprint of the certificate received matches the saved fingerprints. * lisp/net/nsm.el (nsm-query): Change signature. Accepts a list of problems and a preformatted message instead of just a message format and the arguments for the message. * lisp/net/nsm.el (nsm-query-user): Change signature. Accepts a preformatted message and the peer status of the handshake instead of a message format, its arguments and the certificate for the host. * lisp/net/nsm.el (nsm-save-host): Change signature. 
Accepts a list of problems after the WHAT parameter. Saves multiple fingerprints for the same host in case the host load balances a TLS server with more than one certificate signed with different keys. Makes sure conditions are not removed when updating a fingerprint. * lisp/net/nsm.el (nsm-format-certificate): Display the TLS handshake's renegotiation info extension, compression level, encrypt-then-MAC extension, and key exchange prime bit length. * src/gnutls.c (gnutls-peer-status-warning-describe, gnutls-peer-status): Check for certificate verification problems introduced since GnuTLS 3.1. * src/gnutls.c (gnutls-peer-status): `:compression', `:encrypt-then-mac' and `:safe-renegotiation' are now contained in the peer status result return value.
-
- 08 Jul, 2018 1 commit
-
-
Lars Ingebrigtsen authored
* lisp/net/nsm.el (nsm-protocol-check--intermediate-sha1): Allow storing the exception with a correct name.
-
- 25 Jun, 2018 2 commits
-
-
Lars Ingebrigtsen authored
* doc/emacs/misc.texi (Network Security): Ditto. * lisp/net/nsm.el (network-security-protocol-checks): Fix spelling on "intermediate". (nsm-protocol-check--intermediate-sha1): Ditto.
-
Lars Ingebrigtsen authored
* lisp/net/nsm.el (nsm-protocol-check--intermediary-sha1): Make the "skip the root cert" logic work (suggested by Noam Postavsky).
-
- 24 Jun, 2018 3 commits
-
-
Lars Ingebrigtsen authored
* doc/emacs/misc.texi (Network Security): Update the doc to say what's on the different levels. * lisp/net/nsm.el (nsm-protocol-check--intermediary-sha1): Check intermediary certificates for SHA1. (nsm-protocol-check--3des): Check for 3DES ciphers. (network-security-protocol-checks): Put most of the checks on `medium'.
-
Lars Ingebrigtsen authored
* lisp/net/nsm.el (nsm-check-protocol): Fix reverse test in previous check-in.
-
Lars Ingebrigtsen authored
* doc/emacs/misc.texi (Network Security): Mention network-security-protocol-checks. * lisp/net/nsm.el (network-security-protocol-checks): New variable. (nsm-check-protocol): Refactor the checks into separate functions for greater flexibility. (nsm-protocol-check--diffie-hellman-prime-bits) (nsm-protocol-check--rc4, nsm-protocol-check--ssl) (nsm-protocol-check--signature-sha1): Refactored out of the big function.
-
- 01 Jan, 2018 1 commit
-
-
Paul Eggert authored
Run admin/update-copyright.
-
- 06 Oct, 2017 1 commit
-
-
Mark Oteiza authored
* lisp/emacs-lisp/rmc.el: New file. * lisp/emacs-lisp/subr-x.el (read-multiple-choice): Remove. * lisp/gnus/message.el: * lisp/net/nsm.el: Change required library.
-
- 13 Sep, 2017 1 commit
-
-
Paul Eggert authored
Most of this change is to boilerplate commentary such as license URLs. This change was prompted by ftp://ftp.gnu.org's going-away party, planned for November. Change these FTP URLs to https://ftp.gnu.org instead. Make similar changes for URLs to other organizations moving away from FTP. Also, change HTTP to HTTPS for URLs to gnu.org and fsf.org when this works, as this will further help defend against man-in-the-middle attacks (for this part I omitted the MS-DOS and MS-Windows sources and the test tarballs to keep the workload down). HTTPS is not fully working to lists.gnu.org so I left those URLs alone for now.
-
- 18 Apr, 2017 1 commit
-
-
Glenn Morris authored
* lisp/doc-view.el, lisp/filenotify.el, lisp/info-look.el: * lisp/svg.el, lisp/emacs-lisp/byte-opt.el, lisp/net/shr.el: * lisp/textmodes/sgml-mode.el, test/lisp/dom-tests.el: No need to load subr-x at run-time. * lisp/gnus/nnheader.el: No need to load subr-x. ; * lisp/emacs-lisp/subr-x.el, lisp/gnus/message.el, lisp/net/nsm.el: ; Comments.
-
- 01 Jan, 2017 1 commit
-
-
Paul Eggert authored
Run admin/update-copyright.
-
- 22 Jul, 2016 1 commit
-
-
Lars Ingebrigtsen authored
* lisp/faces.el (read-multiple-choice-face): Fix doc string. * lisp/emacs-lisp/subr-x.el (read-multiple-choice): Move here from subr.el. * lisp/gnus/message.el (subr-x): Ditto. * lisp/net/nsm.el: Require subr-x for read-multiple-choice. read-multiple-choice doesn't need to be in the dumped Emacs, so move it to a less central file.
-
- 06 Feb, 2016 1 commit
-
-
Lars Ingebrigtsen authored
* lisp/net/nsm.el (nsm-query): Issue a message about aborting/accepting messages (suggested by N. Jackson) (bug#22531).
-
- 05 Feb, 2016 3 commits
-
-
Lars Ingebrigtsen authored
* lisp/net/nsm.el (nsm-query-user): Restore the window configuration. Backport:
-
Lars Ingebrigtsen authored
* lisp/net/nsm.el (nsm-query-user): Restore the window configuration (bug#22532).
-
Lars Ingebrigtsen authored
* lisp/net/nsm.el (nsm-query-user): Use read-multiple-choice to prompt in a nicer way (bug#19368).
-
- 25 Jan, 2016 1 commit
-
-
Mark Oteiza authored
-
- 03 Jan, 2016 2 commits
-
-
Lars Magne Ingebrigtsen authored
-
Lars Magne Ingebrigtsen authored
* nsm.el (nsm-check-protocol): When using high security, warn about SHA1 certificates, which are now believed to be open to spoofing.
-
- 01 Jan, 2016 1 commit
-
-
Paul Eggert authored
Run admin/update-copyright.
-
- 24 Aug, 2015 1 commit
-
-
Paul Eggert authored
Instead of restyling curved quotes for every call to ‘format’, create a new function ‘format-message’ that does the restyling, and using the new function instead of ‘format’ only in contexts where this seems appropriate. Problem reported by Dmitry Gutov and Andreas Schwab in: http://lists.gnu.org/archive/html/emacs-devel/2015-08/msg00826.html http://lists.gnu.org/archive/html/emacs-devel/2015-08/msg00827.html * doc/lispref/commands.texi (Using Interactive): * doc/lispref/control.texi (Signaling Errors, Signaling Errors): * doc/lispref/display.texi (Displaying Messages, Progress): * doc/lispref/elisp.texi: * doc/lispref/help.texi (Keys in Documentation): * doc/lispref/minibuf.texi (Minibuffer Misc): * doc/lispref/strings.texi (Formatting Strings): * etc/NEWS: Document the changes. * lisp/abbrev.el (expand-region-abbrevs): * lisp/apropos.el (apropos-library): * lisp/calc/calc-ext.el (calc-record-message) (calc-user-function-list): * lisp/calc/calc-help.el (calc-describe-key, calc-full-help): * lisp/calc/calc-lang.el (math-read-big-balance): * lisp/calc/calc-store.el (calc-edit-variable): * lisp/calc/calc-units.el (math-build-units-table-buffer): * lisp/calc/calc-yank.el (calc-edit-mode): * lisp/calendar/icalendar.el (icalendar-export-region) (icalendar--add-diary-entry): * lisp/cedet/mode-local.el (mode-local-print-binding) (mode-local-describe-bindings-2): * lisp/cedet/semantic/complete.el (semantic-completion-message): * lisp/cedet/semantic/edit.el (semantic-parse-changes-failed): * lisp/cedet/semantic/wisent/comp.el (wisent-log): * lisp/cedet/srecode/insert.el (srecode-insert-show-error-report): * lisp/descr-text.el (describe-text-properties-1, describe-char): * lisp/dframe.el (dframe-message): * lisp/dired-aux.el (dired-query): * lisp/emacs-lisp/byte-opt.el (byte-compile-log-lap-1): * lisp/emacs-lisp/bytecomp.el (byte-compile-log) (byte-compile-log-file, byte-compile-warn, byte-compile-form): * lisp/emacs-lisp/cconv.el (cconv-convert, cconv--analyze-use) 
(cconv-analyze-form): * lisp/emacs-lisp/check-declare.el (check-declare-warn): * lisp/emacs-lisp/checkdoc.el (checkdoc-this-string-valid-engine): * lisp/emacs-lisp/cl-macs.el (cl-symbol-macrolet): * lisp/emacs-lisp/edebug.el (edebug-format): * lisp/emacs-lisp/eieio-core.el (eieio-oref): * lisp/emacs-lisp/eldoc.el (eldoc-minibuffer-message) (eldoc-message): * lisp/emacs-lisp/elint.el (elint-file, elint-log): * lisp/emacs-lisp/find-func.el (find-function-library): * lisp/emacs-lisp/macroexp.el (macroexp--obsolete-warning): * lisp/emacs-lisp/map-ynp.el (map-y-or-n-p): * lisp/emacs-lisp/nadvice.el (advice--make-docstring): * lisp/emacs-lisp/package.el (package-compute-transaction) (package-install-button-action, package-delete-button-action) (package-menu--list-to-prompt): * lisp/emacs-lisp/timer.el (timer-event-handler): * lisp/emacs-lisp/warnings.el (lwarn, warn): * lisp/emulation/viper-cmd.el: (viper-toggle-parse-sexp-ignore-comments) (viper-kill-buffer, viper-brac-function): * lisp/emulation/viper-macs.el (viper-record-kbd-macro): * lisp/facemenu.el (facemenu-add-new-face): * lisp/faces.el (face-documentation, read-face-name) (face-read-string, read-face-font, describe-face): * lisp/files.el (find-alternate-file, hack-local-variables) (hack-one-local-variable--obsolete, write-file) (basic-save-buffer, delete-directory): * lisp/format.el (format-write-file, format-find-file) (format-insert-file): * lisp/help-fns.el (help-fns--key-bindings) (help-fns--compiler-macro, help-fns--obsolete) (help-fns--interactive-only, describe-function-1) (describe-variable): * lisp/help.el (describe-mode): * lisp/info-xref.el (info-xref-output): * lisp/info.el (Info-virtual-index-find-node) (Info-virtual-index, info-apropos): * lisp/international/kkc.el (kkc-error): * lisp/international/mule-cmds.el: (select-safe-coding-system-interactively) (select-safe-coding-system, describe-input-method): * lisp/international/mule-conf.el (code-offset): * lisp/international/mule-diag.el 
(describe-character-set) (list-input-methods-1): * lisp/international/quail.el (quail-error): * lisp/minibuffer.el (minibuffer-message): * lisp/mpc.el (mpc--debug): * lisp/msb.el (msb--choose-menu): * lisp/net/ange-ftp.el (ange-ftp-message): * lisp/net/gnutls.el (gnutls-message-maybe): * lisp/net/newst-backend.el (newsticker--sentinel-work): * lisp/net/newst-treeview.el (newsticker--treeview-load): * lisp/net/nsm.el (nsm-query-user): * lisp/net/rlogin.el (rlogin): * lisp/net/soap-client.el (soap-warning): * lisp/net/tramp.el (tramp-debug-message): * lisp/nxml/nxml-outln.el (nxml-report-outline-error): * lisp/nxml/nxml-parse.el (nxml-parse-error): * lisp/nxml/rng-cmpct.el (rng-c-error): * lisp/nxml/rng-match.el (rng-compile-error): * lisp/nxml/rng-uri.el (rng-uri-error): * lisp/obsolete/iswitchb.el (iswitchb-possible-new-buffer): * lisp/org/org-ctags.el: (org-ctags-ask-rebuild-tags-file-then-find-tag): * lisp/proced.el (proced-log): * lisp/progmodes/ebnf2ps.el (ebnf-log): * lisp/progmodes/flymake.el (flymake-log): * lisp/progmodes/vhdl-mode.el (vhdl-warning-when-idle): * lisp/replace.el (occur-1): * lisp/simple.el (execute-extended-command) (undo-outer-limit-truncate, define-alternatives): * lisp/startup.el (command-line): * lisp/subr.el (error, user-error, add-to-list): * lisp/tutorial.el (tutorial--describe-nonstandard-key) (tutorial--find-changed-keys): * src/callint.c (Fcall_interactively): * src/editfns.c (Fmessage, Fmessage_box): Restyle the quotes of format strings intended for use as a diagnostic, when restyling seems appropriate. * lisp/subr.el (format-message): New function. * src/doc.c (Finternal__text_restyle): New function. (syms_of_doc): Define it.
-
- 09 May, 2015 1 commit
-
-
Glenn Morris authored
* lisp/dired-aux.el (lpr-printer-switch): * lisp/frame.el (tool-bar-height): * lisp/linum.el (font-info): * lisp/window.el (font-info, overflow-newline-into-fringe) (tool-bar-height): * lisp/emacs-lisp/package-x.el (tar-data-buffer): * lisp/gnus/gnus-util.el (iswitchb-mode): * lisp/mail/rmailmm.el (libxml-parse-html-region): * lisp/net/nsm.el (gnutls-peer-status) (gnutls-peer-status-warning-describe): * lisp/net/shr.el (libxml-parse-xml-region): * lisp/url/url-http.el (gnutls-peer-status): Declare.
-
- 12 Apr, 2015 1 commit
-
-
Johan Bockgård authored
-
- 01 Jan, 2015 1 commit
-
-
Paul Eggert authored
Run admin/update-copyright.
-
- 21 Dec, 2014 1 commit
-
-
Lars Ingebrigtsen authored
* lisp/net/nsm.el (nsm-save-host): Don't save the host name twice.
-
- 08 Dec, 2014 1 commit
-
-
Lars Magne Ingebrigtsen authored
* doc/emacs/misc.texi (Network Security): Mention the new protocol-level `high' NSM checks. (nsm-check-protocol): Also warn if using SSL3 or older.
-