Function: nsm-verify-connection

nsm-verify-connection is a byte-compiled function defined in nsm.el.gz.

Signature

(nsm-verify-connection PROCESS HOST PORT &optional SAVE-FINGERPRINT WARN-UNENCRYPTED)

Documentation

Verify the security status of PROCESS that's connected to HOST:PORT.

If PROCESS is a gnutls connection, the certificate validity will be examined. If it's a non-TLS connection, it may be compared against previous connections. If the function determines that there is something odd about the connection, the user will be queried about what to do about it.

The process is returned if everything is OK, and otherwise, the process will be deleted and nil is returned.

If SAVE-FINGERPRINT, always save the fingerprint of the server (if the connection is a TLS connection). This is useful to keep track of the TLS status of STARTTLS servers.

If WARN-UNENCRYPTED, query the user if the connection is unencrypted.

Source Code

;; Defined in /usr/src/emacs/lisp/net/nsm.el.gz
(defun nsm-verify-connection (process host port &optional
				      save-fingerprint warn-unencrypted)
  "Verify the security status of PROCESS that's connected to HOST:PORT.
If PROCESS is a gnutls connection, the certificate validity will
be examined.  If it's a non-TLS connection, it may be compared
against previous connections.  If the function determines that
there is something odd about the connection, the user will be
queried about what to do about it.

The process is returned if everything is OK, and otherwise, the
process will be deleted and nil is returned.

If SAVE-FINGERPRINT, always save the fingerprint of the
server (if the connection is a TLS connection).  This is useful
to keep track of the TLS status of STARTTLS servers.

If WARN-UNENCRYPTED, query the user if the connection is
unencrypted."
  (let* ((status (gnutls-peer-status process))
         (id (nsm-id host port))
         (settings (nsm-host-settings id)))
    (cond
     ((not (process-live-p process))
      nil)
     ((not status)
      ;; This is a non-TLS connection.
      (nsm-check-plain-connection process host port settings
                                  warn-unencrypted))
     (t
      (let ((process
             (nsm-check-tls-connection process host port status settings)))
        (when (and process save-fingerprint
                   (null (nsm-host-settings id)))
          (nsm-save-host host port status 'fingerprint nil 'always))
        process)))))