Function: nsm-verify-connection

nsm-verify-connection is a byte-compiled function defined in nsm.el.gz.

Signature

(nsm-verify-connection PROCESS HOST PORT &optional SAVE-FINGERPRINT WARN-UNENCRYPTED)

Documentation

Verify the security status of PROCESS that's connected to HOST:PORT.

If PROCESS is a GnuTLS connection, the certificate validity will be examined. If it's a non-TLS connection, it may be compared against previous connections. If the function determines that there is something odd about the connection, the user will be queried about what to do about it.

Return the process if all the checks pass. Otherwise, delete the process and return nil.

If SAVE-FINGERPRINT, always save the fingerprint of the server (if the connection is a TLS connection). This is useful to keep track of the TLS status of STARTTLS servers.

If WARN-UNENCRYPTED, query the user if the connection is unencrypted.

Source Code

;; Defined in /usr/src/emacs/lisp/net/nsm.el.gz
(defun nsm-verify-connection (process host port &optional
				      save-fingerprint warn-unencrypted)
  "Verify the security status of PROCESS that's connected to HOST:PORT.
If PROCESS is a GnuTLS connection, the certificate validity will be
examined.  If it's a non-TLS connection, it may be compared against
previous connections.  If the function determines that there is
something odd about the connection, the user will be queried about what
to do about it.

Return the process if all the checks pass.  Otherwise, delete the
process and return nil.

If SAVE-FINGERPRINT, always save the fingerprint of the server (if the
connection is a TLS connection).  This is useful to keep track of the
TLS status of STARTTLS servers.

If WARN-UNENCRYPTED, query the user if the connection is unencrypted."
  (let* ((status (gnutls-peer-status process))
         (id (nsm-id host port))
         (settings (nsm-host-settings id)))
    (cond
     ((not (process-live-p process))
      nil)
     ((not status)
      ;; This is a non-TLS connection.
      (nsm-check-plain-connection process host port settings
                                  warn-unencrypted))
     (t
      (let ((process
             (nsm-check-tls-connection process host port status settings)))
        (when (and process save-fingerprint
                   (null (nsm-host-settings id)))
          (nsm-save-host host port status 'fingerprint nil 'always))
        process)))))
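
A caller-side example of the contract documented above, added here and not taken from nsm.el or from Emacs itself: it opens a raw connection, optionally upgrades it to TLS, and then continues only with the value returned by nsm-verify-connection, because a rejected process has already been deleted. The helper name my-open-checked-stream and its argument layout are assumptions made for illustration.

```emacs-lisp
;;; Added example, not part of nsm.el.  `my-open-checked-stream' is a
;;; hypothetical helper name.
(require 'gnutls)
(require 'nsm)

(defun my-open-checked-stream (name buffer host port &optional tls)
  "Open a connection NAME to HOST:PORT in BUFFER and run it through NSM.
If TLS is non-nil, negotiate TLS first.  Return the live process, or
nil if NSM (or the user, when queried) rejected the connection."
  (let ((proc (make-network-process :name name :buffer buffer
                                    :host host :service port)))
    (when tls
      (condition-case err
          (gnutls-negotiate :process proc :hostname host)
        (error
         ;; Do not leave a half-open socket behind if the handshake fails.
         (when (process-live-p proc)
           (delete-process proc))
         (signal (car err) (cdr err)))))
    ;; Rebind PROC to the return value.  On failure the function has
    ;; already deleted the process and returns nil, so the original
    ;; process object must not be used afterwards.
    (setq proc (nsm-verify-connection
                proc host port
                t    ; SAVE-FINGERPRINT: stored only for a TLS connection
                     ; that passed the checks and has no saved settings yet.
                t))  ; WARN-UNENCRYPTED: query the user on plain connections.
    (unless proc
      (message "NSM rejected connection to %s:%s" host port))
    proc))
```

Callers should test the return value for nil before sending any data, including credentials, over the connection.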