[Emacs-diffs] netsec fab6139 6/6: Show full issuer and subject distingui
From: Jimmy Yuen Ho Wong
Subject: [Emacs-diffs] netsec fab6139 6/6: Show full issuer and subject distinguished names
Date: Sat, 14 Jul 2018 13:08:12 -0400 (EDT)
branch: netsec
commit fab6139b8954c4d33c4430a722337e09939aa777
Author: Jimmy Yuen Ho Wong <address@hidden>
Commit: Jimmy Yuen Ho Wong <address@hidden>
Show full issuer and subject distinguished names

CAs like Let's Encrypt do not put O and OU into the Subject's DN.
Similarly, O and OU are often used to indicate Domain Validated or
Organization Validation as opposed to the actual OU.

Issuer CN often contains the issuer's server or as an indication of
Extended Validation certificate as opposed to the actual issuer
organization.

The Hostname part as extracted from the Subject is also confusing, as
in the case of a hostname mismatch, the Subject's CN, which
`nsm-format-certificate' naively calls the Hostname, will not actually
match the hostname in the problem preamble.

* lisp/net/nsm.el (nsm-format-certificate): Show full DN of Issuer and
Subject. Remove Hostname.
(nsm-certificate-part, nsm-parse-subject): Removed.
---
lisp/net/nsm.el | 39 ++-------------------------------------
1 file changed, 2 insertions(+), 37 deletions(-)
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index a1798a8..b59ea07 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -1002,13 +1002,9 @@ protocol."
(insert
(propertize "Certificate information" 'face 'underline) "\n"
" Issued by:"
- (nsm-certificate-part (plist-get cert :issuer) "CN" t) "\n"
+ (plist-get cert :issuer) "\n"
" Issued to:"
- (or (nsm-certificate-part (plist-get cert :subject) "O")
- (nsm-certificate-part (plist-get cert :subject) "OU" t))
- "\n"
- " Hostname:"
- (nsm-certificate-part (plist-get cert :subject) "CN" t) "\n")
+ (plist-get cert :subject) "\n")
(when (and (plist-get cert :public-key-algorithm)
(plist-get cert :signature-algorithm))
(insert " Public key:" (plist-get cert :public-key-algorithm) "\n")
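Review bot: The new `(plist-get cert :issuer)` and `(plist-get cert :subject)` arguments put the peer-supplied DN strings into the prompt buffer verbatim, with no unescaping or filtering before `insert`. The removed `nsm-parse-subject` path at least stripped backslash escapes from the component it displayed, so a DN with escaped commas will now show the backslashes to the user. Since this text comes from the certificate under review and is what the user reads when deciding whether to trust the connection, it is worth confirming that the strings cannot contain newlines or control characters that would let a certificate forge extra lines such as a fake "Issued to:" entry, and replacing or escaping such characters before insertion if they can. A short comment saying that the value shown is the full DN as reported by the TLS library would also help the next reader, because the "Issued by:" and "Issued to:" labels no longer say which attribute is displayed.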
@@ -1037,37 +1033,6 @@ protocol."
(insert (make-string (- 22 (current-column)) ? )))
(buffer-string)))))
-(defun nsm-certificate-part (string part &optional full)
- (let ((part (cadr (assoc part (nsm-parse-subject string)))))
- (cond
- (part part)
- (full string)
- (t nil))))
-
-(defun nsm-parse-subject (string)
- (with-temp-buffer
- (insert string)
- (goto-char (point-min))
- (let ((start (point))
- (result nil))
- (while (not (eobp))
- (push (replace-regexp-in-string
- "[\\]\\(.\\)" "\\1"
- (buffer-substring start
- (if (re-search-forward "[^\\]," nil 'move)
- (1- (point))
- (point))))
- result)
- (setq start (point)))
- (mapcar
- (lambda (elem)
- (let ((pos (cl-position ?= elem)))
- (if pos
- (list (substring elem 0 pos)
- (substring elem (1+ pos)))
- elem)))
- (nreverse result)))))
-
(defun nsm-level (symbol)
"Return a numerical level for SYMBOL for easier comparison."
(cond
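Review bot: The deleted `nsm-certificate-part` and `nsm-parse-subject` have public-looking names (no double-dash internal prefix) and are removed outright, with no obsolete declaration left behind. Any caller outside `nsm-format-certificate`, in the tree or in third-party packages, will fail with a void-function error once this lands. Please grep the tree for remaining uses, and either keep the two definitions marked with `make-obsolete` for a release or state in the commit message that they were treated as internal. Note also that code which needs a single attribute such as the CN now has no helper for it and would have to re-parse the DN string itself, so it is worth checking that no other NSM check depended on that.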