Diffstat (limited to 'lisp/net/nsm.el')
-rw-r--r-- | lisp/net/nsm.el | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index 31f2b32792f..ebdeeccc2c8 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -183,7 +183,9 @@ unencrypted."
 (defun nsm-check-protocol (process host port status settings)
 (let ((prime-bits (plist-get status :diffie-hellman-prime-bits))
- (encryption (format "%s-%s-%s"
+ (signature-algorithm
+ (plist-get (plist-get status :certificate) :signature-algorithm))
+ (encryption (format "%s-%s-%s"
 (plist-get status :key-exchange)
 (plist-get status :cipher)
 (plist-get status :mac)))
@@ -209,6 +211,15 @@ unencrypted."
 host port encryption)))
 (delete-process process)
 nil)
+ ((and (string-match "\\bSHA1\\b" signature-algorithm)
+ (not (memq :signature-sha1 (plist-get settings :conditions)))
+ (not
+ (nsm-query
+ host port status :signature-sha1
+ "The certificate used to verify the connection to %s:%s uses the SHA1 algorithm (%s), which is believed to be unsafe."
+ host port signature-algorithm)))
+ (delete-process process)
+ nil)
 ((and protocol
 (string-match "SSL" protocol)
 (not (memq :ssl (plist-get settings :conditions))) |
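Review bot: `signature-algorithm` can be nil in the new binding, because both `plist-get` calls return nil when `status` has no `:certificate` entry or the certificate plist has no `:signature-algorithm` key, and the second hunk passes the value straight to `string-match`, which signals an error on a non-string. Whether that error ends up rejecting or accepting the connection depends on the caller, which is not visible in this diff, so the check should not rely on it. Guard the clause as `((and signature-algorithm (string-match "\\bSHA1\\b" signature-algorithm)` so a missing value falls through to the remaining checks, and add a comment on the binding saying when the value may be absent. The `let` and `cond` forms continue outside both hunks.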
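Review bot: The SHA1 test in the new `cond` clause depends on ambient state, since `string-match` honours the current `case-fold-search` and resolves `\\b` against the current buffer's syntax table, so the same algorithm string could match in one buffer and not in another. A check that gates a security warning should pin that state, for example by wrapping the match in `(let ((case-fold-search t)) ...)`, with a comment stating the form of algorithm name the pattern is meant to catch. The clause also reads only the `:certificate` entry of `status`; whether signatures further up the chain are examined elsewhere is not visible here and deserves a comment either way.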