[Emacs-diffs] nsm 01/01: NSM exception handling on changed certificates

emacs-diffs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Emacs-diffs] nsm 01/01: NSM exception handling on changed certificates

From:	Lars Ingebrigtsen
Subject:	[Emacs-diffs] nsm 01/01: NSM exception handling on changed certificates
Date:	Wed, 19 Nov 2014 14:25:45 +0000

branch: nsm
commit db1256f4f8b50aa014d4a0b1c2036cd73fe1dfbd
Author: Lars Magne Ingebrigtsen <address@hidden>
Date:   Wed Nov 19 15:25:34 2014 +0100

    NSM exception handling on changed certificates
    
    * net/nsm.el (nsm-fingerprint): New function.
    (nsm-fingerprint-ok-p): Use the public key hash as the fingerprint
    instead of the certificate fingerprint.
    (nsm-fingerprint-ok-p): If the fingerprint changed, then remove
    previously accepted warnings.
---
 lisp/ChangeLog  |    2 ++
 lisp/net/nsm.el |   33 ++++++++++++++++++++-------------
 2 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 0c0e81d..a82976e 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -3,6 +3,8 @@
        * net/nsm.el (nsm-fingerprint): New function.
        (nsm-fingerprint-ok-p): Use the public key hash as the fingerprint
        instead of the certificate fingerprint.
+       (nsm-fingerprint-ok-p): If the fingerprint changed, then remove
+       previously accepted warnings.
 
 2014-11-18  Lars Magne Ingebrigtsen  <address@hidden>
 
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index 9e18d65..f20fa00 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -152,19 +152,26 @@ unencrypted."
   (plist-get (plist-get status :certificate) :public-key-id))
 
 (defun nsm-fingerprint-ok-p (host port status settings)
-  (if (and settings
-          (not (eq (plist-get settings :fingerprint) :none))
-          (not (equal (nsm-fingerprint status)
-                      (plist-get settings :fingerprint)))
-          (not (nsm-query
-                host port status 'fingerprint
-                "The fingerprint for the connection to %s:%s has changed 
from\n%s to\n%s"
-                host port
-                (plist-get settings :fingerprint)
-                (nsm-fingerprint status))))
-      ;; Not OK.
-      nil
-    t))
+  (let ((did-query nil))
+    (if (and settings
+            (not (eq (plist-get settings :fingerprint) :none))
+            (not (equal (nsm-fingerprint status)
+                        (plist-get settings :fingerprint)))
+            (not
+             (setq did-query
+                   (nsm-query
+                    host port status 'fingerprint
+                    "The fingerprint for the connection to %s:%s has changed 
from\n%s to\n%s"
+                    host port
+                    (plist-get settings :fingerprint)
+                    (nsm-fingerprint status)))))
+       ;; Not OK.
+       nil
+      (when did-query
+       ;; Remove any exceptions that have been set on the previous
+       ;; certificate.
+       (plist-put settings :conditions nil))
+      t)))
 
 (defun nsm-new-fingerprint-ok-p (host port status)
   (nsm-query

[Prev in Thread]

Current Thread

[Next in Thread]

[Emacs-diffs] nsm 01/01: NSM exception handling on changed certificates, Lars Ingebrigtsen <=

Prev by Date: [Emacs-diffs] nsm 01/02: (gnutls_certificate_details): Return the public key fingerprint
Next by Date: [Emacs-diffs] nsm updated (db1256f -> 838afa4)
Previous by thread: [Emacs-diffs] nsm updated (8c9ee5e -> 703336f)
Next by thread: [Emacs-diffs] nsm updated (db1256f -> 838afa4)
Index(es):
- Date
- Thread