[Emacs-diffs] master 05/05: Rename `nsm-security-level' to `network-secu
From: Lars Ingebrigtsen
Subject: [Emacs-diffs] master 05/05: Rename `nsm-security-level' to `network-security-level'
Date: Sun, 23 Nov 2014 14:14:37 +0000
branch: master
commit b10d90066338c88a371fef1b59e2f455a37a3ba2
Author: Lars Magne Ingebrigtsen <address@hidden>
Date: Sun Nov 23 15:13:13 2014 +0100
Rename `nsm-security-level' to `network-security-level'
* net/nsm.el (network-security-level): Rename from
`nsm-security-level' and documented.
---
doc/lispref/processes.texi | 4 ++--
lisp/ChangeLog | 3 +++
lisp/net/nsm.el | 39 +++++++++++++++++++++++++++++++--------
3 files changed, 36 insertions(+), 10 deletions(-)
diff --git a/doc/lispref/processes.texi b/doc/lispref/processes.texi
index 48429e6..3c9da5c 100644
--- a/doc/lispref/processes.texi
+++ b/doc/lispref/processes.texi
@@ -2088,8 +2088,8 @@ entirely.
If the connection is unencrypted, but it was encrypted in previous
sessions, the user will also be notified about this.
address@hidden nsm-security-level
-The @code{nsm-security-level} variable determines the security level.
address@hidden network-security-level
+The @code{network-security-level} variable determines the security level.
If this is @code{low}, no security checks are performed.
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 34ac2d3..b4e5b79 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,5 +1,8 @@
2014-11-23 Lars Magne Ingebrigtsen <address@hidden>
+ * net/nsm.el (network-security-level): Rename from
+ `nsm-security-level' and documented.
+
* mail/smtpmail.el (smtpmail-via-smtp): Warn unless encrypted and
we're sending a password.
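Review bot: The new ChangeLog entry lists only a rename and added documentation, but the lisp/net/nsm.el part of this patch also changes the defcustom default from 'medium to 'low. If that change is intended, it should be recorded here as its own item so that it is not hidden behind a rename. If it is not intended, the entry is fine and the default should be reverted instead.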
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index f51201a..fdbcd13 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -34,8 +34,31 @@
:version "25.1"
:group 'comm)
-(defcustom nsm-security-level 'medium
- "How secure the network should be."
+(defcustom network-security-level 'low
+ "How secure the network should be.
+If a potential problem with the security of the network
+connection is found, the user is asked to give input into how the
+connection should be handled.
+
+The following values are possible:
+
+`low': Absolutely no checks are performed.
+
+`medium': This is the default level, and the following things will
+be prompted for.
+
+* invalid, self-signed or otherwise unverifiable certificates
+* whether a previously accepted unverifiable certificate has changed
+* when a connection that was previously protected by STARTTLS is
+ now unencrypted
+
+`high': In addition to the above.
+
+* any certificate that changes its public key
+
+`paranoid': In addition to the above.
+
+* any new certificate that you haven't seen before"
:version "25.1"
:group 'nsm
:type '(choice (const :tag "Low" low)
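Review bot: The default in the new defcustom line is 'low, but the docstring added a few lines below says "`medium': This is the default level", and the removed line had 'medium as the default. Since the same docstring describes 'low as "Absolutely no checks are performed", anyone who has not customized the variable would get no certificate or STARTTLS-downgrade prompts after this change, which is more than a rename. Either restore 'medium as the default or correct the docstring and state the change of default in the commit message. It is also worth considering an obsolete alias for `nsm-security-level', because an existing setting under the old name will silently stop having any effect.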
@@ -80,7 +103,7 @@ to keep track of the TLS status of STARTTLS servers.
If WARN-UNENCRYPTED, query the user if the connection is
unencrypted."
- (if (eq nsm-security-level 'low)
+ (if (eq network-security-level 'low)
process
(let* ((status (gnutls-peer-status process))
(id (nsm-id host port))
@@ -108,21 +131,21 @@ unencrypted."
;; certificate pinning.
((null warnings)
(cond
- ((< (nsm-level nsm-security-level) (nsm-level 'high))
+ ((< (nsm-level network-security-level) (nsm-level 'high))
process)
;; The certificate is fine, but if we're paranoid, we might
;; want to check whether it's changed anyway.
- ((and (>= (nsm-level nsm-security-level) (nsm-level 'high))
+ ((and (>= (nsm-level network-security-level) (nsm-level 'high))
(not (nsm-fingerprint-ok-p host port status settings)))
(delete-process process)
nil)
;; We haven't seen this before, and we're paranoid.
- ((and (eq nsm-security-level 'paranoid)
+ ((and (eq network-security-level 'paranoid)
(null settings)
(not (nsm-new-fingerprint-ok-p host port status)))
(delete-process process)
nil)
- ((>= (nsm-level nsm-security-level) (nsm-level 'high))
+ ((>= (nsm-level network-security-level) (nsm-level 'high))
;; Save the host fingerprint so that we can check it the
;; next time we connect.
(nsm-save-host host port status 'fingerprint 'always)
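Review bot: In this cond the first clause already returns process whenever the level is below 'high, so the (>= (nsm-level network-security-level) (nsm-level 'high)) tests in the second and last clauses are always true when reached and could be dropped or replaced with t for the final clause. The comment "if we're paranoid, we might want to check whether it's changed anyway" sits above a clause that fires at 'high, not only at 'paranoid, so the wording should say "high or above" to match the new docstring. The 'paranoid clause uses eq on the symbol while the others compare through nsm-level; using one style throughout would make the ordering of levels easier to audit.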
@@ -131,7 +154,7 @@ unencrypted."
process)))
;; The certificate did not validate.
- ((not (equal nsm-security-level 'low))
+ ((not (equal network-security-level 'low))
;; We always want to pin the certificate of invalid connections
;; to track man-in-the-middle or the like.
(if (not (nsm-fingerprint-ok-p host port status settings))
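Review bot: The clause (not (equal network-security-level 'low)) uses equal where the earlier hunk uses (eq network-security-level 'low) for the same symbol comparison; eq is the usual choice for symbols and keeping one form helps when searching for every place the level is tested. If this cond sits inside the else branch of that earlier (if (eq network-security-level 'low) process ...) form, the test can never be false here and could be replaced with t, which would also make it clearer that an unverifiable certificate is always pinned once any checking is enabled.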