X-Git-Url: http://cgit.sxemacs.org/?a=blobdiff_plain;f=lisp%2Ftls.el;h=48e6a42186ca1ec2318549b074b8e62a76f8057a;hb=ea3902284b96bfc95c9eeec1f63b6028b4e12871;hp=116c7e9d84a8fecf7fd540992a74910edffcb204;hpb=0376161d3cb0652041055ae0d468c5af3f6cd4d4;p=gnus diff --git a/lisp/tls.el b/lisp/tls.el index 116c7e9d8..48e6a4218 100644 --- a/lisp/tls.el +++ b/lisp/tls.el @@ -1,6 +1,6 @@ ;;; tls.el --- TLS/SSL support via wrapper around GnuTLS -;; Copyright (C) 1996-1999, 2002-2012 Free Software Foundation, Inc. +;; Copyright (C) 1996-1999, 2002-2015 Free Software Foundation, Inc. ;; Author: Simon Josefsson ;; Keywords: comm, tls, gnutls, ssl @@ -80,8 +80,7 @@ and `gnutls-cli' (version 2.0.1) output." "List of strings containing commands to start TLS stream to a host. Each entry in the list is tried until a connection is successful. %h is replaced with server hostname, %p with port to connect to. -The program should read input on stdin and write output to -stdout. +The program should read input on stdin and write output to stdout. See `tls-checktrust' on how to check trusted root certs. @@ -138,7 +137,7 @@ the external program knows about the root certificates you consider trustworthy, e.g.: \(setq tls-program - '(\"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h\" + \\='(\"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h\" \"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3\" \"openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof\"))" :type '(choice (const :tag "Always" t) 
@@ -168,13 +167,18 @@ this to nil if you want to ignore host name mismatches." :version "23.1" ;; No Gnus :group 'tls) -(defcustom tls-certtool-program (executable-find "certtool") - "Name of GnuTLS certtool. +(defcustom tls-certtool-program "certtool" + "Name of GnuTLS certtool. Used by `tls-certificate-information'." :version "22.1" :type 'string :group 'tls) +(defalias 'tls-format-message + (if (fboundp 'format-message) 'format-message + ;; for Emacs < 25, and XEmacs, don't worry about quote translation. + 'format)) + (defun tls-certificate-information (der) "Parse X.509 certificate in DER format into an assoc list." (let ((certificate (concat "-----BEGIN CERTIFICATE-----\n" @@ -276,8 +280,8 @@ Fourth arg PORT is an integer specifying a port to connect to." (message "The certificate presented by `%s' is \ NOT trusted." host)) (not (yes-or-no-p - (format "The certificate presented by `%s' is \ -NOT trusted. Accept anyway? " host))))) + (tls-format-message "\ +The certificate presented by `%s' is NOT trusted. Accept anyway? " host))))) (and tls-hostmismatch (save-excursion (goto-char (point-min)) @@ -286,7 +290,10 @@ NOT trusted. Accept anyway? " host))))) (format "Host name in certificate doesn't \ match `%s'. Connect anyway? " host)))))) (setq done nil) - (delete-process process))) + (delete-process process)) + ;; Delete all the informational messages that could confuse + ;; future uses of `buffer'. + (delete-region (point-min) (point))) (message "Opening TLS connection to `%s'...%s" host (if done "done" "failed")) (when use-temp-buffer
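Review bot: The docstring of `tls-certtool-program` should say how the bare name `"certtool"` is resolved, now that the default no longer goes through `executable-find`. The lookup moves from load time to each use, so whichever `certtool` is first on the search path at that moment gets to parse the peer's certificate, and a missing binary only surfaces as an error at call time. Suggested wording: `Name of GnuTLS certtool; a bare name is searched for in exec-path when used, so set an absolute file name to pin a specific binary.` The body of `tls-certificate-information` lies outside this hunk, so the way it invokes the program could not be checked here.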
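Review bot: The hostname-mismatch prompt a few lines further down (visible as context in the next hunk) still builds its text with plain `format`, so the two certificate prompts now quote the host name differently on Emacs versions that provide `format-message`. For consistency, replace `format` with `tls-format-message` in that `yes-or-no-p` call as well. Both prompts sit inside a form that opens before this hunk.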
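Review bot: The new `(delete-region (point-min) (point))` relies on point sitting at the end of the helper program's handshake output, but nothing in the hunk establishes that. Both checks above run inside `save-excursion`, so point is whatever the code before this hunk left. If an attempt ends with point still at `(point-min)`, nothing is removed and the earlier output stays in the buffer for later searches, presumably including the trust check for a following `tls-program` entry; that should be confirmed against the full function. I would state the invariant in the comment, e.g. `;; Point is just past the handshake output here; text before it is tool chatter, not peer data.`, or delete up to an explicitly saved position instead of `(point)`. The enclosing form starts and ends outside the hunk.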