Re: master 91c732f: Always check for client-certificates
From: Robert Pluim
Subject: Re: master 91c732f: Always check for client-certificates
Date: Sun, 17 Nov 2019 21:32:48 +0100
>>>>> On Sat, 16 Nov 2019 10:07:52 +0300, Dmitry Alexandrov <address@hidden>
>>>>> said:
Dmitry> From userʼs point of view it means: M-x eww RET https://gnu.org or M-x
Dmitry> list-packages or something else equally anonymous by nature may
Dmitry> eventually request a passphrase to decrypt private GPG key (that one,
Dmitry> which was used to encrypt ~/.authinfo.gpg), and fail if request is
Dmitry> rejected.
If the user already trusts Emacs with access to .authinfo.gpg, then
nothing new is happening. If they donʼt then they should customize
'auth-sources'.
If they specifically want to prevent Emacs performing decryption for
network access, then they can customize
'network-stream-use-client-certificates'. We can of course discuss the
default value, but nobody objected during the development of the
feature.
The failure when access is refused is a bug. How does the following
work for you:
commit 41e31c45519b0df6846e73557fba718f1ee29394
Author: Robert Pluim <address@hidden>
AuthorDate: Sun Nov 17 21:21:48 2019 +0100
Commit: Robert Pluim <address@hidden>
CommitDate: Sun Nov 17 21:25:22 2019 +0100
Handle auth-source-search failures in open-network-stream
If the user cancels the gpg decryption pop-up, auth-source-search
fails *and* epa pops up an error buffer. Fix epa to allow suppressing
that, and ignore errors returned from auth-source-search.
* lisp/epa.el (epa-suppress-error-buffer): New defvar. Bind non-nil
to stop epa popping up an error buffer.
* lisp/net/network-stream.el: require epa when byte-compiling.
(network-stream-certificate): ignore errors when calling
auth-source-search, and suppress the epa error buffer.
diff --git a/lisp/epa.el b/lisp/epa.el
index a2be9a3dbd..13708d046d 100644
--- a/lisp/epa.el
+++ b/lisp/epa.el
@@ -179,6 +179,7 @@ epa-key
(defvar epa-list-keys-arguments nil)
(defvar epa-info-buffer nil)
(defvar epa-error-buffer nil)
+(defvar epa-suppress-error-buffer nil)
(defvar epa-last-coding-system-specified nil)
(defvar epa-key-list-mode-map
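Review bot: The new 'epa-suppress-error-buffer' defvar has no docstring, although the commit message says other code is meant to bind it non-nil. Since network-stream.el let-binds it from outside epa.el, it is effectively part of epa's interface; a one-line docstring such as "Non-nil means epa-display-error does not pop up the error buffer." would tell callers what binding it does and does not suppress.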
@@ -578,7 +579,8 @@ epa-display-info
(message "%s" info)))
(defun epa-display-error (context)
- (unless (equal (epg-context-error-output context) "")
+ (unless (or (equal (epg-context-error-output context) "")
+ epa-suppress-error-buffer)
(let ((buffer (get-buffer-create "*Error*")))
(save-selected-window
(unless (and epa-error-buffer (buffer-live-p epa-error-buffer))
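Review bot: In epa-display-error, putting 'epa-suppress-error-buffer' inside the 'unless' test skips the whole body, so the gpg error output is dropped entirely rather than just not displayed. When a caller suppresses the pop-up, a decryption failure other than the user cancelling leaves nothing for the user to inspect. Consider still recording (epg-context-error-output context), for example with 'message' or by filling the error buffer without selecting it, and suppressing only the window display.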
diff --git a/lisp/net/network-stream.el b/lisp/net/network-stream.el
index 1571c76189..4c6056e0c8 100644
--- a/lisp/net/network-stream.el
+++ b/lisp/net/network-stream.el
@@ -46,6 +46,9 @@
(require 'nsm)
(require 'puny)
+(eval-when-compile
+ (require 'epa)) ; for epa-suppress-error-buffer
+
(declare-function starttls-available-p "starttls" ())
(declare-function starttls-negotiate "starttls" (process))
(declare-function starttls-open-stream "starttls" (name buffer host port))
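Review bot: The (eval-when-compile (require 'epa)) form loads all of epa at compile time only to make one variable known, as its own comment says. A bare (defvar epa-suppress-error-buffer) in network-stream.el would declare the variable special for the later let-binding without the compile-time dependency, and would match the declare-function lines just below, which take the same approach for starttls.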
@@ -225,10 +228,12 @@ network-stream-certificate
;; Either nil or a list with a key/certificate pair.
spec)
((eq spec t)
- (let* ((auth-info
- (car (auth-source-search :max 1
- :host host
- :port service)))
+ (let* ((epa-suppress-error-buffer t)
+ (auth-info
+ (ignore-errors
+ (car (auth-source-search :max 1
+ :host host
+ :port service))))
(key (plist-get auth-info :key))
(cert (plist-get auth-info :cert)))
(and key cert (file-readable-p key) (file-readable-p cert)
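Review bot: The 'ignore-errors' around auth-source-search in network-stream-certificate swallows every error, not only the cancelled-decryption case the commit message describes. Any other failure in the lookup then yields a nil auth-info, and the connection proceeds without a client certificate and without any indication why. Consider a 'condition-case' that at least logs the error with 'message' before returning nil, so a user who expects certificate authentication can see that the lookup failed.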