[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Emacs-diffs] master 8037694: Tweak gnutls-peer-status reporting
From: |
Paul Eggert |
Subject: |
[Emacs-diffs] master 8037694: Tweak gnutls-peer-status reporting |
Date: |
Fri, 23 Aug 2019 14:52:08 -0400 (EDT) |
branch: master
commit 80376945952943888bb34c7d4ea06972e422eca7
Author: Paul Eggert <address@hidden>
Commit: Paul Eggert <address@hidden>
Tweak gnutls-peer-status reporting
* src/gnutls.c (Fgnutls_peer_status): Report :compression and
:encrypt-then-mac only if the underlying GnuTLS library has
the corresponding features. This give the Elisp caller a bit
more information about the peer status.
* lisp/net/nsm.el (nsm-protocol-check--compression):
Don’t worry about compression in newer GnuTLS versions
that do not support compression.
---
lisp/net/nsm.el | 3 ++-
src/gnutls.c | 16 +++++++---------
2 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index ed700bc..5e83810 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -692,7 +692,8 @@ Sheffer, Holz, Saint-Andre (May 2015). \"Recommendations
for Secure
Use of Transport Layer Security (TLS) and Datagram Transport Layer
Security (DTLS)\", `https://tools.ietf.org/html/rfc7525'"
(let ((compression (plist-get status :compression)))
- (and (string-match "^\\bDEFLATE\\b" compression)
+ (and compression
+ (string-match "^\\bDEFLATE\\b" compression)
(format-message
"compression method (%s) may lead to leakage of sensitive
information"
compression))))
diff --git a/src/gnutls.c b/src/gnutls.c
index 51536b1..a7ef59a 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -1493,20 +1493,18 @@ returned as the :certificate entry. */)
/* Compression name. */
#ifdef HAVE_GNUTLS_COMPRESSION_GET
- Lisp_Object compression = build_string (gnutls_compression_get_name
- (gnutls_compression_get (state)));
-#else
- Lisp_Object compression = build_string ("NULL");
+ result = nconc2
+ (result, list2 (intern (":compression"),
+ build_string (gnutls_compression_get_name
+ (gnutls_compression_get (state)))));
#endif
- result = nconc2 (result, list2 (intern (":compression"), compression));
/* Encrypt-then-MAC. */
- Lisp_Object etm_status = Qnil;
#ifdef HAVE_GNUTLS_ETM_STATUS
- if (gnutls_session_etm_status (state))
- etm_status = Qt;
+ result = nconc2
+ (result, list2 (intern (":encrypt-then-mac"),
+ gnutls_session_etm_status (state) ? Qt : Qnil));
#endif
- result = nconc2 (result, list2 (intern (":encrypt-then-mac"), etm_status));
/* Renegotiation Indication */
result = nconc2
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Emacs-diffs] master 8037694: Tweak gnutls-peer-status reporting,
Paul Eggert <=