Rename `nsm-security-level' to `network-security-level'

* net/nsm.el (network-security-level): Rename from
`nsm-security-level' and documented.

diff --git a/doc/lispref/processes.texi b/doc/lispref/processes.texi
index 48429e6fd93e8ac3e4c582a3a8b7647854d41381..3c9da5c64cd1c9442c5fcee25ec0852a7fa9cc2c 100644 (file)
--- a/doc/lispref/processes.texi
+++ b/doc/lispref/processes.texi
@@ -2088,8 +2088,8 @@ entirely.
 If the connection is unencrypted, but it was encrypted in previous
 sessions, the user will also be notified about this.
 
-@vindex nsm-security-level
-The @code{nsm-security-level} variable determines the security level.
+@vindex network-security-level
+The @code{network-security-level} variable determines the security level.
 If this is @code{low}, no security checks are performed.
 
 

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 34ac2d31c4bacc232196dc0065a2dd3d9928eb74..b4e5b7954e3cebcca96f3f5e9168f2eeefc5113d 100644 (file)
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,5 +1,8 @@
 2014-11-23  Lars Magne Ingebrigtsen  <larsi@gnus.org>
 
+       * net/nsm.el (network-security-level): Rename from
+       `nsm-security-level' and documented.
+
        * mail/smtpmail.el (smtpmail-via-smtp): Warn unless encrypted and
        we're sending a password.
 

diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index f51201a1270d82b70b5d47ce5389b6820acba43c..fdbcd13d3eed8f41d76525fb81e2bfa7d0017760 100644 (file)
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -34,8 +34,31 @@
   :version "25.1"
   :group 'comm)
 
-(defcustom nsm-security-level 'medium
-  "How secure the network should be."
+(defcustom network-security-level 'low
+  "How secure the network should be.
+If a potential problem with the security of the network
+connection is found, the user is asked to give input into how the
+connection should be handled.
+
+The following values are possible:
+
+`low': Absolutely no checks are performed.
+
+`medium': This is the default level, and the following things will
+be prompted for.
+
+* invalid, self-signed or otherwise unverifiable certificates
+* whether a previously accepted unverifiable certificate has changed
+* when a connection that was previously protected by STARTTLS is
+  now unencrypted
+
+`high': In addition to the above.
+
+* any certificate that changes its public key
+
+`paranoid': In addition to the above.
+
+* any new certificate that you haven't seen before"
   :version "25.1"
   :group 'nsm
   :type '(choice (const :tag "Low" low)
@@ -80,7 +103,7 @@ to keep track of the TLS status of STARTTLS servers.
 
 If WARN-UNENCRYPTED, query the user if the connection is
 unencrypted."
-  (if (eq nsm-security-level 'low)
+  (if (eq network-security-level 'low)
       process
     (let* ((status (gnutls-peer-status process))
           (id (nsm-id host port))
@@ -108,21 +131,21 @@ unencrypted."
      ;; certificate pinning.
      ((null warnings)
       (cond
-       ((< (nsm-level nsm-security-level) (nsm-level 'high))
+       ((< (nsm-level network-security-level) (nsm-level 'high))
        process)
        ;; The certificate is fine, but if we're paranoid, we might
        ;; want to check whether it's changed anyway.
-       ((and (>= (nsm-level nsm-security-level) (nsm-level 'high))
+       ((and (>= (nsm-level network-security-level) (nsm-level 'high))
             (not (nsm-fingerprint-ok-p host port status settings)))
        (delete-process process)
        nil)
        ;; We haven't seen this before, and we're paranoid.
-       ((and (eq nsm-security-level 'paranoid)
+       ((and (eq network-security-level 'paranoid)
             (null settings)
             (not (nsm-new-fingerprint-ok-p host port status)))
        (delete-process process)
        nil)
-       ((>= (nsm-level nsm-security-level) (nsm-level 'high))
+       ((>= (nsm-level network-security-level) (nsm-level 'high))
        ;; Save the host fingerprint so that we can check it the
        ;; next time we connect.
        (nsm-save-host host port status 'fingerprint 'always)
@@ -131,7 +154,7 @@ unencrypted."
        process)))
 
      ;; The certificate did not validate.
-     ((not (equal nsm-security-level 'low))
+     ((not (equal network-security-level 'low))
       ;; We always want to pin the certificate of invalid connections
       ;; to track man-in-the-middle or the like.
       (if (not (nsm-fingerprint-ok-p host port status settings))