* lisp/net/net-utils.el (nslookup-host-ipv4, nslookup-host-ipv6,
ipv6-expand): New functions to look up IPv4 and IPv6 addresses from
DNS.
* lisp/net/nsm.el (nsm-trust-local-network, nsm-should-check,
nsm-check-tls-connection, nsm-check-plain-connection): New defcustom
`nsm-trust-local-network' lets users customize whether NSM should
check for TLS problems when connecting to the hosts on their local
networks. `nsm-should-check' determines whether
`nsm-check-tls-connection' and `nsm-check-plain-connection' should
perform checks. localhost is implicitly trusted, thus checks are
never performed there.
* lisp/net/nsm.el (network-security-level, nsm-level,
nsm-new-fingerprint-ok-p): Remove `paranoid' level and related code.
* lisp/net/nsm.el (nsm-tls-checks, nsm-tls-check-version,
nsm-tls-check-compression, nsm-tls-check-renegotiation-info-ext,
nsm-tls-check-verify-cert, nsm-tls-check-same-cert,
nsm-tls-check-null-suite, nsm-tls-check-export-kx,
nsm-tls-check-anon-kx, nsm-tls-check-md5-sig,
nsm-tls-check-rc4-cipher, nsm-tls-check-dhe-prime-kx,
nsm-tls-check-sha1-sig, nsm-tls-check-ecdsa-cbc-cipher,
nsm-tls-check-dhe-kx, nsm-tls-check-rsa-kx,
nsm-tls-check-3des-cipher, nsm-tls-check-cbc-cipher,
nsm-save-fingerprint-maybe, nsm-tls-post-check-functions): New
options and functions for checking TLS handshake problems.
* lisp/net/nsm.el (nsm-check-certificate,
network-security-protocol-checks,
nsm-protocol-check--diffie-hellman-prime-bits,
nsm-protocol-check--3des, nsm-protocol-check--rc4,
nsm-protocol-check--signature-sha1,
nsm-protocol-check--intermediate-sha1, nsm-protocol-check--ssl,
nsm-check-protocol): Remove in favor of `nsm-tls-checks' and
`nsm-tls-check-*' functions.
* lisp/net/nsm.el (nsm-verify-connection): Ensure connection is
checked even when `network-security-level' is `low'.
* lisp/net/nsm.el (nsm-check-tls-connection): Batch all problems found
before querying the user.
* lisp/net/nsm.el (nsm--encryption): Renamed to `nsm-cipher-suite'.
* lisp/net/nsm.el (nsm-fingerprint-ok-p): No longer prompt when
certificate fingerprints mismatch. Returns a boolean instead when
the fingerprint of the certificate received matches the saved
fingerprints.
* lisp/net/nsm.el (nsm-query): Change signature. Accepts a list of
problems and a preformatted message instead of just a message format
and the arguments for the message.
* lisp/net/nsm.el (nsm-query-user): Change signature. Accepts a
preformatted message and the peer status of the handshake instead of
a message format, its arguments and the certificate for the host.
* lisp/net/nsm.el (nsm-save-host): Change signature. Accepts a list of
problems after the WHAT parameter. Saves multiple fingerprints for
the same host in case the host load balances a TLS server with more
than one certificate signed with different keys. Makes sure
conditions are not removed when updating a fingerprint.
* lisp/net/nsm.el (nsm-format-certificate): Display the TLS handshake's
renegotiation info extension, compression level, encrypt-then-MAC
extension, and key exchange prime bit length.
* src/gnutls.c (gnutls-peer-status-warning-describe,
gnutls-peer-status): Check for certificate verification problems
introduced since GnuTLS 3.1.
* src/gnutls.c (gnutls-peer-status): `:compression', `:encrypt-then-mac'
and `:safe-renegotiation' are now contained in the peer status
result return value.
* doc/emacs/misc.texi (Network Security): Update the doc to say
what's on the different levels.
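The following init-file fragment is an added example of how a user would drive the customization points this change describes; it is not code from the commit or from nsm.el itself. It assumes things the ChangeLog does not state: that `nsm-tls-checks' is an alist of (CHECK-FUNCTION . LEVEL), that each check is called as (CHECK HOST PORT STATUS SETTINGS) and returns nil when the handshake is acceptable or a string describing the problem, and that `nsm-trust-local-network' takes t or nil. The function `my/nsm-tls-check-audit' is hypothetical.

```elisp
;; Added example init-file fragment; not code from the commit above.
;; Assumptions (not stated in the ChangeLog): `nsm-tls-checks' is an
;; alist of (CHECK-FUNCTION . LEVEL); each check is called with
;; (HOST PORT STATUS SETTINGS) and returns nil or a problem string.
(require 'nsm)

;; Keep the handshake checks active: the ChangeLog puts most of them
;; at `medium' and says `low' still consults saved fingerprints.
(setq network-security-level 'medium)

;; Do not exempt hosts on the local network from the checks.  The
;; ChangeLog says localhost is implicitly trusted regardless.
(setq nsm-trust-local-network nil)

;; Tighten one shipped check: report static RSA key exchange (no
;; forward secrecy) already at `medium' rather than at its default level.
(setf (alist-get 'nsm-tls-check-rsa-kx nsm-tls-checks) 'medium)

;; A hypothetical check in the same shape as the `nsm-tls-check-*'
;; functions.  It only records the negotiated parameters that the
;; ChangeLog says `gnutls-peer-status' now returns (`:compression',
;; `:encrypt-then-mac', `:safe-renegotiation') into an audit buffer and
;; returns nil, so it never raises a problem by itself.
(defun my/nsm-tls-check-audit (host port status _settings)
  "Append negotiated TLS parameters for HOST:PORT from STATUS to *nsm-audit*.
Always return nil, i.e. report no problem."
  (with-current-buffer (get-buffer-create "*nsm-audit*")
    (goto-char (point-max))
    (insert (format "%s:%s compression=%s encrypt-then-mac=%s safe-renegotiation=%s\n"
                    host port
                    (plist-get status :compression)
                    (plist-get status :encrypt-then-mac)
                    (plist-get status :safe-renegotiation))))
  nil)

;; Register it so it runs alongside the shipped checks at `medium'.
(add-to-list 'nsm-tls-checks '(my/nsm-tls-check-audit . medium))
```

The audit buffer gives a per-host record of which handshakes lacked safe renegotiation or encrypt-then-MAC, which is the information `nsm-format-certificate' now shows interactively, but collected for later review rather than at prompt time.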
* lisp/net/nsm.el (nsm-protocol-check--intermediary-sha1): Check
intermediary certificates for SHA1.
(nsm-protocol-check--3des): Check for 3DES ciphers.
(network-security-protocol-checks): Put most of the checks on
`medium'.
* doc/emacs/misc.texi (Network Security): Mention
network-security-protocol-checks.
* lisp/net/nsm.el (network-security-protocol-checks): New variable.
(nsm-check-protocol): Refactor the checks into separate functions
for greater flexibility.
(nsm-protocol-check--diffie-hellman-prime-bits)
(nsm-protocol-check--rc4, nsm-protocol-check--ssl)
(nsm-protocol-check--signature-sha1): Refactored out of the big
function.
Most of this change is to boilerplate commentary such as license URLs.
This change was prompted by ftp://ftp.gnu.org's going-away party,
planned for November. Change these FTP URLs to https://ftp.gnu.org
instead. Make similar changes for URLs to other organizations moving
away from FTP. Also, change HTTP to HTTPS for URLs to gnu.org and
fsf.org when this works, as this will further help defend against
man-in-the-middle attacks (for this part I omitted the MS-DOS and
MS-Windows sources and the test tarballs to keep the workload down).
HTTPS is not fully working to lists.gnu.org so I left those URLs alone
for now.
* lisp/doc-view.el, lisp/filenotify.el, lisp/info-look.el:
* lisp/svg.el, lisp/emacs-lisp/byte-opt.el, lisp/net/shr.el:
* lisp/textmodes/sgml-mode.el, test/lisp/dom-tests.el:
No need to load subr-x at run-time.
* lisp/gnus/nnheader.el: No need to load subr-x.
; * lisp/emacs-lisp/subr-x.el, lisp/gnus/message.el, lisp/net/nsm.el:
; Comments.
* lisp/faces.el (read-multiple-choice-face): Fix doc string.
* lisp/emacs-lisp/subr-x.el (read-multiple-choice): Move here
from subr.el.
* lisp/gnus/message.el (subr-x): Ditto.
* lisp/net/nsm.el: Require subr-x for read-multiple-choice.
read-multiple-choice doesn't need to be in the dumped Emacs, so move
it to a less central file.
* net/nsm.el (nsm-format-certificate): Don't bug out on missing
elements.
(nsm-warnings-ok-p): The new version of this function always
returned nil when everything was OK.
* processes.texi (Network): Mention the new :warn-unless-encrypted
parameter to `open-network-stream'.
(Network): Mention the Network Security Manager.
* net/nsm.el: New file that implements a Network Security Manager.
* net/network-stream.el (open-network-stream): Add a new
:warn-unless-encrypted parameter.
(network-stream-open-plain): Allow warning unless encrypted.
(network-stream-open-starttls): Call the Network Security Manager.
(network-stream-open-tls): Ditto.