[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Emacs-diffs] nsm 01/01: NSM exception handling on changed certificates
From: |
Lars Ingebrigtsen |
Subject: |
[Emacs-diffs] nsm 01/01: NSM exception handling on changed certificates |
Date: |
Wed, 19 Nov 2014 14:25:45 +0000 |
branch: nsm
commit db1256f4f8b50aa014d4a0b1c2036cd73fe1dfbd
Author: Lars Magne Ingebrigtsen <address@hidden>
Date: Wed Nov 19 15:25:34 2014 +0100
NSM exception handling on changed certificates
* net/nsm.el (nsm-fingerprint): New function.
(nsm-fingerprint-ok-p): Use the public key hash as the fingerprint
instead of the certificate fingerprint.
(nsm-fingerprint-ok-p): If the fingerprint changed, then remove
previously accepted warnings.
---
lisp/ChangeLog | 2 ++
lisp/net/nsm.el | 33 ++++++++++++++++++++-------------
2 files changed, 22 insertions(+), 13 deletions(-)
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 0c0e81d..a82976e 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -3,6 +3,8 @@
* net/nsm.el (nsm-fingerprint): New function.
(nsm-fingerprint-ok-p): Use the public key hash as the fingerprint
instead of the certificate fingerprint.
+ (nsm-fingerprint-ok-p): If the fingerprint changed, then remove
+ previously accepted warnings.
2014-11-18 Lars Magne Ingebrigtsen <address@hidden>
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index 9e18d65..f20fa00 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -152,19 +152,26 @@ unencrypted."
(plist-get (plist-get status :certificate) :public-key-id))
(defun nsm-fingerprint-ok-p (host port status settings)
- (if (and settings
- (not (eq (plist-get settings :fingerprint) :none))
- (not (equal (nsm-fingerprint status)
- (plist-get settings :fingerprint)))
- (not (nsm-query
- host port status 'fingerprint
- "The fingerprint for the connection to %s:%s has changed
from\n%s to\n%s"
- host port
- (plist-get settings :fingerprint)
- (nsm-fingerprint status))))
- ;; Not OK.
- nil
- t))
+ (let ((did-query nil))
+ (if (and settings
+ (not (eq (plist-get settings :fingerprint) :none))
+ (not (equal (nsm-fingerprint status)
+ (plist-get settings :fingerprint)))
+ (not
+ (setq did-query
+ (nsm-query
+ host port status 'fingerprint
+ "The fingerprint for the connection to %s:%s has changed
from\n%s to\n%s"
+ host port
+ (plist-get settings :fingerprint)
+ (nsm-fingerprint status)))))
+ ;; Not OK.
+ nil
+ (when did-query
+ ;; Remove any exceptions that have been set on the previous
+ ;; certificate.
+ (plist-put settings :conditions nil))
+ t)))
(defun nsm-new-fingerprint-ok-p (host port status)
(nsm-query
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Emacs-diffs] nsm 01/01: NSM exception handling on changed certificates,
Lars Ingebrigtsen <=