diff --git a/doc/lispref/processes.texi b/doc/lispref/processes.texi index 48429e6fd93..3c9da5c64cd 100644 --- a/doc/lispref/processes.texi +++ b/doc/lispref/processes.texi @@ -2088,8 +2088,8 @@ entirely. If the connection is unencrypted, but it was encrypted in previous sessions, the user will also be notified about this. -@vindex nsm-security-level -The @code{nsm-security-level} variable determines the security level. +@vindex network-security-level +The @code{network-security-level} variable determines the security level. If this is @code{low}, no security checks are performed. diff --git a/lisp/ChangeLog b/lisp/ChangeLog index 34ac2d31c4b..b4e5b7954e3 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog @@ -1,5 +1,8 @@ 2014-11-23 Lars Magne Ingebrigtsen + * net/nsm.el (network-security-level): Rename from + `nsm-security-level' and documented. + * mail/smtpmail.el (smtpmail-via-smtp): Warn unless encrypted and we're sending a password. diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el index f51201a1270..fdbcd13d3ee 100644 --- a/lisp/net/nsm.el +++ b/lisp/net/nsm.el 
@@ -34,8 +34,31 @@ :version "25.1" :group 'comm) -(defcustom nsm-security-level 'medium - "How secure the network should be." +(defcustom network-security-level 'low + "How secure the network should be. +If a potential problem with the security of the network +connection is found, the user is asked to give input into how the +connection should be handled. + +The following values are possible: + +`low': Absolutely no checks are performed. + +`medium': This is the default level, and the following things will +be prompted for. + +* invalid, self-signed or otherwise unverifiable certificates +* whether a previously accepted unverifiable certificate has changed +* when a connection that was previously protected by STARTTLS is + now unencrypted + +`high': In addition to the above. + +* any certificate that changes its public key + +`paranoid': In addition to the above. + +* any new certificate that you haven't seen before" :version "25.1" :group 'nsm :type '(choice (const :tag "Low" low) @@ -80,7 +103,7 @@ to keep track of the TLS status of STARTTLS servers. If WARN-UNENCRYPTED, query the user if the connection is unencrypted." - (if (eq nsm-security-level 'low) + (if (eq network-security-level 'low) process (let* ((status (gnutls-peer-status process)) (id (nsm-id host port)) 
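Review bot: The renamed `defcustom` also changes the default from `'medium` to `'low`, although the docstring added in the same hunk says "`medium': This is the default level" and describes `low` as "Absolutely no checks are performed"; the ChangeLog entry mentions only the rename and the documentation. With this default, the `(if (eq network-security-level 'low) process ...)` branch in the next hunk returns the connection without any certificate or STARTTLS-downgrade check for every user who has not customized the variable. If the downgrade is not intended, the line should stay `(defcustom network-security-level 'medium`; if it is intended, the docstring should name `low` as the default and the ChangeLog should record the change. Because the old name is dropped with no alias, anyone who already set `nsm-security-level` would presumably fall back to the new default silently, so `(define-obsolete-variable-alias 'nsm-security-level 'network-security-level "25.1")` before the `defcustom` is worth considering. The `defcustom` form continues past the end of this hunk (its `:type` choice list is cut off).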
@@ -108,21 +131,21 @@ unencrypted." ;; certificate pinning. ((null warnings) (cond - ((< (nsm-level nsm-security-level) (nsm-level 'high)) + ((< (nsm-level network-security-level) (nsm-level 'high)) process) ;; The certificate is fine, but if we're paranoid, we might ;; want to check whether it's changed anyway. - ((and (>= (nsm-level nsm-security-level) (nsm-level 'high)) + ((and (>= (nsm-level network-security-level) (nsm-level 'high)) (not (nsm-fingerprint-ok-p host port status settings))) (delete-process process) nil) ;; We haven't seen this before, and we're paranoid. - ((and (eq nsm-security-level 'paranoid) + ((and (eq network-security-level 'paranoid) (null settings) (not (nsm-new-fingerprint-ok-p host port status))) (delete-process process) nil) - ((>= (nsm-level nsm-security-level) (nsm-level 'high)) + ((>= (nsm-level network-security-level) (nsm-level 'high)) ;; Save the host fingerprint so that we can check it the ;; next time we connect. (nsm-save-host host port status 'fingerprint 'always) @@ -131,7 +154,7 @@ unencrypted." process))) ;; The certificate did not validate. - ((not (equal nsm-security-level 'low)) + ((not (equal network-security-level 'low)) ;; We always want to pin the certificate of invalid connections ;; to track man-in-the-middle or the like. (if (not (nsm-fingerprint-ok-p host port status settings))