Secure package.el interactions

This commit is contained in:
Ivan Malison 2015-11-13 23:10:56 -08:00
parent fd06a67fd3
commit a6edc28b4e

View File

@ -51,6 +51,44 @@
(defvar grep-find-ignored-files nil)
(defvar grep-find-ignored-directories nil)
;; =============================================================================
;; Security
;; =============================================================================
(defvar imalison:secure t)
(defun imalison:use-https-and-tls ()
(setq tls-checktrust t)
(let ((trustfile
(replace-regexp-in-string
"\\\\" "/"
(replace-regexp-in-string
"\n" ""
(shell-command-to-string "python -m certifi")))))
(setq tls-program
(list
(format "gnutls-cli%s --x509cafile %s -p %%p %%h"
(if (eq window-system 'w32) ".exe" "") trustfile)))))
(defun imalison:test-security ()
(interactive)
(let ((bad-hosts
(loop for bad
in `("https://wrong.host.badssl.com/"
"https://self-signed.badssl.com/")
if (condition-case e
(url-retrieve
bad (lambda (retrieved) t))
(error nil))
collect bad)))
(if bad-hosts
(error (format "tls misconfigured; retrieved %s ok"
bad-hosts))
(url-retrieve "https://badssl.com"
(lambda (retrieved) t)))))
(when imalison:secure (imalison:use-https-and-tls))
;; =============================================================================
;; ELPA/package.el/MELPA
;; =============================================================================