From: Paul Eggert Date: Fri, 23 Aug 2019 18:50:40 +0000 (-0700) Subject: Tweak gnutls-peer-status reporting X-Git-Tag: emacs-27.0.90~1328^2~91 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=80376945952943888bb34c7d4ea06972e422eca7;p=emacs.git Tweak gnutls-peer-status reporting * src/gnutls.c (Fgnutls_peer_status): Report :compression and :encrypt-then-mac only if the underlying GnuTLS library has the corresponding features. This give the Elisp caller a bit more information about the peer status. * lisp/net/nsm.el (nsm-protocol-check--compression): Don’t worry about compression in newer GnuTLS versions that do not support compression.
---
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index ed700bc9b5d..5e8381075be 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -692,7 +692,8 @@ Sheffer, Holz, Saint-Andre (May 2015). \"Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)\", `https://tools.ietf.org/html/rfc7525'"
 (let ((compression (plist-get status :compression)))
- (and (string-match "^\\bDEFLATE\\b" compression)
+ (and compression
+ (string-match "^\\bDEFLATE\\b" compression)
 (format-message "compression method (%s) may lead to leakage of sensitive information" compression))))
diff --git a/src/gnutls.c b/src/gnutls.c
index 51536b14632..a7ef59ab919 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
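Review bot: In lisp/net/nsm.el the added `compression` guard lets `nsm-protocol-check--compression` pass without a warning whenever the status plist has no `:compression` entry, and nothing at the call site says why that is safe. The commit message ties the missing entry to GnuTLS versions without compression support, so that reason belongs next to the code. I would add a comment above the `and`, such as `;; No :compression entry: this GnuTLS has no compression support, so there is nothing to warn about.` The defun starts above the hunk, so its docstring may be the better home for that sentence.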
@@ -1493,20 +1493,18 @@ returned as the :certificate entry. */)
 /* Compression name. */
 #ifdef HAVE_GNUTLS_COMPRESSION_GET
- Lisp_Object compression = build_string (gnutls_compression_get_name
- (gnutls_compression_get (state)));
-#else
- Lisp_Object compression = build_string ("NULL");
+ result = nconc2
+ (result, list2 (intern (":compression"),
+ build_string (gnutls_compression_get_name
+ (gnutls_compression_get (state)))));
 #endif
- result = nconc2 (result, list2 (intern (":compression"), compression));
 /* Encrypt-then-MAC. */
- Lisp_Object etm_status = Qnil;
 #ifdef HAVE_GNUTLS_ETM_STATUS
- if (gnutls_session_etm_status (state))
- etm_status = Qt;
+ result = nconc2
+ (result, list2 (intern (":encrypt-then-mac"),
+ gnutls_session_etm_status (state) ? Qt : Qnil));
 #endif
- result = nconc2 (result, list2 (intern (":encrypt-then-mac"), etm_status));
 /* Renegotiation Indication */
 result = nconc2
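Review bot: With both `nconc2` calls now inside their `#ifdef` blocks, `:compression` and `:encrypt-then-mac` can be missing from the result, and a caller using `plist-get` reads that as nil, the same value `:encrypt-then-mac` has when the feature exists but was not negotiated. The docstring that ends at `*/)` just above this hunk is outside the visible lines; if it does not already say so, it should state that both entries appear only when the GnuTLS library provides the feature, and that `plist-member` is needed to tell the two cases apart. Separately, `gnutls_compression_get_name` is documented as able to return NULL and its result still goes straight into `build_string`; a NULL check before the call would be a cheap guard, although the method here comes from the session itself so this may never trigger.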