Tweak gnutls-peer-status reporting

* src/gnutls.c (Fgnutls_peer_status): Report :compression and
:encrypt-then-mac only if the underlying GnuTLS library has
the corresponding features.  This give the Elisp caller a bit
more information about the peer status.
* lisp/net/nsm.el (nsm-protocol-check--compression):
Don’t worry about compression in newer GnuTLS versions
that do not support compression.

diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index ed700bc9b5defa819ca8744a3de57d671681bfb7..5e8381075bea11db71c5b66aa08d5a08946ec0fd 100644 (file)
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -692,7 +692,8 @@ Sheffer, Holz, Saint-Andre (May 2015).  \"Recommendations for Secure
 Use of Transport Layer Security (TLS) and Datagram Transport Layer
 Security (DTLS)\", `https://tools.ietf.org/html/rfc7525'"
   (let ((compression (plist-get status :compression)))
-    (and (string-match "^\\bDEFLATE\\b" compression)
+    (and compression
+        (string-match "^\\bDEFLATE\\b" compression)
          (format-message
           "compression method (%s) may lead to leakage of sensitive information"
           compression))))

diff --git a/src/gnutls.c b/src/gnutls.c
index 51536b146321f2fce406ddceeb21de6b05a8433e..a7ef59ab919039357ae74fb32965431c8d2df197 100644 (file)
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -1493,20 +1493,18 @@ returned as the :certificate entry.  */)
 
   /* Compression name. */
 #ifdef HAVE_GNUTLS_COMPRESSION_GET
-  Lisp_Object compression = build_string (gnutls_compression_get_name
-                                         (gnutls_compression_get (state)));
-#else
-  Lisp_Object compression = build_string ("NULL");
+  result = nconc2
+    (result, list2 (intern (":compression"),
+                   build_string (gnutls_compression_get_name
+                                 (gnutls_compression_get (state)))));
 #endif
-  result = nconc2 (result, list2 (intern (":compression"), compression));
 
   /* Encrypt-then-MAC. */
-  Lisp_Object etm_status = Qnil;
 #ifdef HAVE_GNUTLS_ETM_STATUS
-  if (gnutls_session_etm_status (state))
-    etm_status = Qt;
+  result = nconc2
+    (result, list2 (intern (":encrypt-then-mac"),
+                   gnutls_session_etm_status (state) ? Qt : Qnil));
 #endif
-  result = nconc2 (result, list2 (intern (":encrypt-then-mac"), etm_status));
 
   /* Renegotiation Indication */
   result = nconc2