From: Lars Magne Ingebrigtsen Date: Mon, 8 Dec 2014 21:40:57 +0000 (+0100) Subject: Make the NSM prompting have more data X-Git-Tag: emacs-25.0.90~2635^2~147 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=be6767d59b9f984ee28d444aada0ecdd0245ec6e;p=emacs.git Make the NSM prompting have more data (nsm-format-certificate): Include more data about the connection. (nsm-query): Fill the text to that it looks nicer. --- diff --git a/lisp/ChangeLog b/lisp/ChangeLog index 696a42b6b1c..c109bc7cab6 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog @@ -1,6 +1,8 @@ 2014-12-08 Lars Magne Ingebrigtsen * net/nsm.el (nsm-check-protocol): Test for RC4 on `high'. + (nsm-format-certificate): Include more data about the connection. + (nsm-query): Fill the text to that it looks nicer. 2014-12-08 Stefan Monnier diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el index 16e07ff088c..d1de1288ca6 100644 --- a/lisp/net/nsm.el +++ b/lisp/net/nsm.el @@ -164,7 +164,7 @@ unencrypted." (if (and (not (nsm-warnings-ok-p status settings)) (not (nsm-query host port status 'conditions - "The TLS connection to %s:%s is insecure\nfor the following reason%s:\n\n%s" + "The TLS connection to %s:%s is insecure for the following reason%s:\n\n%s" host port (if (> (length warnings) 1) "s" "") @@ -190,7 +190,7 @@ unencrypted." (not (nsm-query host port status :diffie-hellman-prime-bits - "The Diffie-Hellman prime bits (%s) used for this connection to\n%s:%s\nis less than what is considered safe (%s)." + "The Diffie-Hellman prime bits (%s) used for this connection to %s:%s is less than what is considered safe (%s)." prime-bits host port 1024))) (delete-process process) nil) @@ -200,7 +200,9 @@ unencrypted." (nsm-query host port status :rc4 "The connection to %s:%s uses the RC4 algorithm (%s), which is believed to be unsafe." - host port encryption)))) + host port encryption))) + (delete-process process) + nil) (t process)))) @@ -217,7 +219,7 @@ unencrypted." (setq did-query (nsm-query host port status 'fingerprint - "The fingerprint for the connection to %s:%s has changed from\n%s to\n%s" + "The fingerprint for the connection to %s:%s has changed from %s to %s" host port (plist-get settings :fingerprint) (nsm-fingerprint status))))) @@ -232,7 +234,7 @@ unencrypted." (defun nsm-new-fingerprint-ok-p (host port status) (nsm-query host port status 'fingerprint - "The fingerprint for the connection to %s:%s is new:\n%s" + "The fingerprint for the connection to %s:%s is new: %s" host port (nsm-fingerprint status))) @@ -246,7 +248,7 @@ unencrypted." (not (nsm-query host port nil 'conditions - "The connection to %s:%s used to be an encrypted\nconnection, but is now unencrypted. This might mean that there's a\nman-in-the-middle tapping this connection." + "The connection to %s:%s used to be an encrypted connection, but is now unencrypted. This might mean that there's a man-in-the-middle tapping this connection." host port))) (delete-process process) nil) @@ -285,7 +287,12 @@ unencrypted." (erase-buffer) (when (> (length cert) 0) (insert cert "\n")) - (insert (apply 'format message args)))) + (let ((start (point))) + (insert (apply 'format message args)) + (goto-char start) + ;; Fill the first line of the message, which usually + ;; contains lots of explanatory text. + (fill-region (point) (line-end-position))))) (let ((responses '((?n . no) (?s . session) (?a . always))) @@ -418,6 +425,15 @@ unencrypted." (insert "Public key:" (plist-get cert :public-key-algorithm) ", signature: " (plist-get cert :signature-algorithm) "\n")) + (when (and (plist-get status :key-exchange) + (plist-get status :cipher) + (plist-get status :mac) + (plist-get status :protocol)) + (insert + "Protocol:" (plist-get status :protocol) + ", key: " (plist-get status :key-exchange) + ", cipher: " (plist-get status :cipher) + ", mac: " (plist-get status :mac) "\n")) (when (plist-get cert :certificate-security-level) (insert "Security level:"