[Emacs-diffs] emacs-25 1da116f: Add SHA1 warnings for high network secur
From: Lars Ingebrigtsen
Subject: [Emacs-diffs] emacs-25 1da116f: Add SHA1 warnings for high network security settings
Date: Sun, 03 Jan 2016 09:41:56 +0000
branch: emacs-25
commit 1da116f8ec3f22738961a1997b71db63c2fdac08
Author: Lars Magne Ingebrigtsen <address@hidden>
Commit: Lars Magne Ingebrigtsen <address@hidden>
Add SHA1 warnings for high network security settings
* nsm.el (nsm-check-protocol): When using high security, warn
about SHA1 certificates, which are now believed to be open to
spoofing.
---
lisp/net/nsm.el | 13 ++++++++++++-
1 files changed, 12 insertions(+), 1 deletions(-)
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index 31f2b32..dadf0b9 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -183,7 +183,9 @@ unencrypted."
(defun nsm-check-protocol (process host port status settings)
(let ((prime-bits (plist-get status :diffie-hellman-prime-bits))
- (encryption (format "%s-%s-%s"
+ (signature-algorithm
+ (plist-get (plist-get status :certificate) :signature-algorithm))
+ (encryption (format "%s-%s-%s"
(plist-get status :key-exchange)
(plist-get status :cipher)
(plist-get status :mac)))
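Review bot: the new `signature-algorithm` binding can be nil, because `plist-get` returns nil when `status` has no `:certificate` entry or when that plist has no `:signature-algorithm` key. The value is later passed straight to `string-match`, which signals an error on a non-string argument, so a connection that reports no certificate details would raise an error rather than being accepted or rejected by the checks. Consider defaulting the binding to an empty string or guarding its use with `(and signature-algorithm ...)`.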
@@ -209,6 +211,15 @@ unencrypted."
host port encryption)))
(delete-process process)
nil)
+ ((and (string-match "\\bSHA1\\b" signature-algorithm)
+ (not (memq :signature-sha1 (plist-get settings :conditions)))
+ (not
+ (nsm-query
+ host port status :signature-sha1
+ "The certificate used to verify the connectio to %s:%s uses the
SHA1 algorithm (%s), which is believed to be unsafe."
+ host port signature-algorithm)))
+ (delete-process process)
+ nil)
((and protocol
(string-match "SSL" protocol)
(not (memq :ssl (plist-get settings :conditions)))
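Review bot: the prompt string in the new SHA1 clause has a typo, "connectio" should be "connection", and the string is broken across two source lines, so the newline becomes part of the text shown to the user. Two smaller points on the same clause: the match on `"\\bSHA1\\b"` depends on the caller's `case-fold-search` and on the current buffer's syntax table for `\\b`, so binding `case-fold-search` explicitly would make the check deterministic; and the new `:signature-sha1` condition is not mentioned in any docstring visible here, so users who want to accept or persist the exception have nothing to look up.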