[Emacs-diffs] master be6767d: Make the NSM prompting have more data

emacs-diffs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Emacs-diffs] master be6767d: Make the NSM prompting have more data

From:	Lars Ingebrigtsen
Subject:	[Emacs-diffs] master be6767d: Make the NSM prompting have more data
Date:	Mon, 08 Dec 2014 21:41:08 +0000

branch: master
commit be6767d59b9f984ee28d444aada0ecdd0245ec6e
Author: Lars Magne Ingebrigtsen <address@hidden>
Commit: Lars Magne Ingebrigtsen <address@hidden>

    Make the NSM prompting have more data
    
    (nsm-format-certificate): Include more data about the connection.
    (nsm-query): Fill the text to that it looks nicer.
---
 lisp/ChangeLog  |    2 ++
 lisp/net/nsm.el |   30 +++++++++++++++++++++++-------
 2 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 696a42b..c109bc7 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,6 +1,8 @@
 2014-12-08  Lars Magne Ingebrigtsen  <address@hidden>
 
        * net/nsm.el (nsm-check-protocol): Test for RC4 on `high'.
+       (nsm-format-certificate): Include more data about the connection.
+       (nsm-query): Fill the text to that it looks nicer.
 
 2014-12-08  Stefan Monnier  <address@hidden>
 
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index 16e07ff..d1de128 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -164,7 +164,7 @@ unencrypted."
        (if (and (not (nsm-warnings-ok-p status settings))
                 (not (nsm-query
                       host port status 'conditions
-                      "The TLS connection to %s:%s is insecure\nfor the 
following reason%s:\n\n%s"
+                      "The TLS connection to %s:%s is insecure for the 
following reason%s:\n\n%s"
                       host port
                       (if (> (length warnings) 1)
                           "s" "")
@@ -190,7 +190,7 @@ unencrypted."
           (not
            (nsm-query
             host port status :diffie-hellman-prime-bits
-            "The Diffie-Hellman prime bits (%s) used for this connection 
to\n%s:%s\nis less than what is considered safe (%s)."
+            "The Diffie-Hellman prime bits (%s) used for this connection to 
%s:%s is less than what is considered safe (%s)."
             prime-bits host port 1024)))
       (delete-process process)
       nil)
@@ -200,7 +200,9 @@ unencrypted."
            (nsm-query
             host port status :rc4
             "The connection to %s:%s uses the RC4 algorithm (%s), which is 
believed to be unsafe."
-            host port encryption))))
+            host port encryption)))
+      (delete-process process)
+      nil)
      (t
       process))))
 
@@ -217,7 +219,7 @@ unencrypted."
              (setq did-query
                    (nsm-query
                     host port status 'fingerprint
-                    "The fingerprint for the connection to %s:%s has changed 
from\n%s to\n%s"
+                    "The fingerprint for the connection to %s:%s has changed 
from %s to %s"
                     host port
                     (plist-get settings :fingerprint)
                     (nsm-fingerprint status)))))
@@ -232,7 +234,7 @@ unencrypted."
 (defun nsm-new-fingerprint-ok-p (host port status)
   (nsm-query
    host port status 'fingerprint
-   "The fingerprint for the connection to %s:%s is new:\n%s"
+   "The fingerprint for the connection to %s:%s is new: %s"
    host port
    (nsm-fingerprint status)))
 
@@ -246,7 +248,7 @@ unencrypted."
         (not
          (nsm-query
           host port nil 'conditions
-          "The connection to %s:%s used to be an encrypted\nconnection, but is 
now unencrypted.  This might mean that there's a\nman-in-the-middle tapping 
this connection."
+          "The connection to %s:%s used to be an encrypted connection, but is 
now unencrypted.  This might mean that there's a man-in-the-middle tapping this 
connection."
           host port)))
     (delete-process process)
     nil)
@@ -285,7 +287,12 @@ unencrypted."
        (erase-buffer)
        (when (> (length cert) 0)
          (insert cert "\n"))
-       (insert (apply 'format message args))))
+       (let ((start (point)))
+         (insert (apply 'format message args))
+         (goto-char start)
+         ;; Fill the first line of the message, which usually
+         ;; contains lots of explanatory text.
+         (fill-region (point) (line-end-position)))))
     (let ((responses '((?n . no)
                       (?s . session)
                       (?a . always)))
@@ -418,6 +425,15 @@ unencrypted."
          (insert
           "Public key:" (plist-get cert :public-key-algorithm)
           ", signature: " (plist-get cert :signature-algorithm) "\n"))
+       (when (and (plist-get status :key-exchange)
+                  (plist-get status :cipher)
+                  (plist-get status :mac)
+                  (plist-get status :protocol))
+         (insert
+          "Protocol:" (plist-get status :protocol)
+          ", key: " (plist-get status :key-exchange)
+          ", cipher: " (plist-get status :cipher)
+          ", mac: " (plist-get status :mac) "\n"))
        (when (plist-get cert :certificate-security-level)
          (insert
           "Security level:"

[Prev in Thread]

Current Thread

[Next in Thread]

[Emacs-diffs] master be6767d: Make the NSM prompting have more data, Lars Ingebrigtsen <=

Prev by Date: [Emacs-diffs] master ad67503 1/2: Make gnutls-peer-status return even more data
Next by Date: [Emacs-diffs] master e9aaf96: Make NSM warn on `high' for older protocols, and document
Previous by thread: [Emacs-diffs] master updated (8665a74 -> 7befee1)
Next by thread: [Emacs-diffs] master e9aaf96: Make NSM warn on `high' for older protocols, and document
Index(es):
- Date
- Thread