authorJohn Wiegley <johnw@newartisans.com>2016-01-11 22:48:10 -0800
committerJohn Wiegley <johnw@newartisans.com>2016-01-11 22:48:10 -0800
commitfb74beed3cf7ed158f18508766ce0ac2685f1d9a (patch)
treeeebde8bdadc53ef70a3e8602707c8921462ef9d1 /lisp/net/nsm.el
parent70f3e4e61fc4433ca8ac4517d247df7e7af7b248 (diff)
parent861022ff5f7b8d6ab53c726e009208eadf4ecd41 (diff)
downloademacs-fb74beed3cf7ed158f18508766ce0ac2685f1d9a.tar.gz
emacs-fb74beed3cf7ed158f18508766ce0ac2685f1d9a.tar.bz2
emacs-fb74beed3cf7ed158f18508766ce0ac2685f1d9a.zip
Merge from origin/emacs-25
861022f * doc/misc/texinfo.tex: Revert unwanted copyright change. 46e47a5 ; * etc/refcards/ru-refcard.tex (cyear): Update via M-x set-copyright. 71ea138 * lisp/align.el (align): Simplify a lambda 5618a50 * lisp/align.el (align): Fix arg order in call to `align-region' 1f680db Fix compilation next-error in buffers with selective-display d20a948 * nsm.el (nsm-check-protocol): Fix typo in the message. 1da116f Add SHA1 warnings for high network security settings e48bacd ; * etc/NEWS: Typo fix.
Diffstat (limited to 'lisp/net/nsm.el')
-rw-r--r--lisp/net/nsm.el13
1 files changed, 12 insertions, 1 deletions
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index 31f2b32792f..ebdeeccc2c8 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -183,7 +183,9 @@ unencrypted."
(defun nsm-check-protocol (process host port status settings)
(let ((prime-bits (plist-get status :diffie-hellman-prime-bits))
- (encryption (format "%s-%s-%s"
+ (signature-algorithm
+ (plist-get (plist-get status :certificate) :signature-algorithm))
+ (encryption (format "%s-%s-%s"
(plist-get status :key-exchange)
(plist-get status :cipher)
(plist-get status :mac)))
@@ -209,6 +211,15 @@ unencrypted."
host port encryption)))
(delete-process process)
nil)
+ ((and (string-match "\\bSHA1\\b" signature-algorithm)
+ (not (memq :signature-sha1 (plist-get settings :conditions)))
+ (not
+ (nsm-query
+ host port status :signature-sha1
+ "The certificate used to verify the connection to %s:%s uses the SHA1 algorithm (%s), which is believed to be unsafe."
+ host port signature-algorithm)))
+ (delete-process process)
+ nil)
((and protocol
(string-match "SSL" protocol)
(not (memq :ssl (plist-get settings :conditions)))
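Review bot: The new SHA1 clause in this hunk calls `string-match` on `signature-algorithm` without a nil check, and the binding added in the first hunk is a nested `plist-get` that yields nil whenever `status` has no `:certificate` entry or that plist has no `:signature-algorithm`; in that case the clause signals a wrong-type-argument error instead of returning a verdict. Guard the test, e.g. `((and (stringp signature-algorithm) (string-match "\\bSHA1\\b" signature-algorithm)`, and add a comment that a missing algorithm deliberately skips this check, so the fail-open choice is visible to the next reader. The check reads only the `:certificate` plist of `status`, so it appears to cover that one certificate's signature rather than the rest of the chain, which is worth stating in the docstring. The `cond` and the body of `nsm-check-protocol` continue outside the hunk.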