Secure package.el interactions

dotfiles/emacs.d/init.el

@@ -51,6 +51,44 @@
 (defvar grep-find-ignored-files nil)
 (defvar grep-find-ignored-directories nil)
 
+;; =============================================================================
+;;                                                                      Security
+;; =============================================================================
+
+(defvar imalison:secure t)
+
+(defun imalison:use-https-and-tls ()
+  (setq tls-checktrust t)
+  (let ((trustfile
+         (replace-regexp-in-string
+          "\\\\" "/"
+          (replace-regexp-in-string
+           "\n" ""
+           (shell-command-to-string "python -m certifi")))))
+    (setq tls-program
+          (list
+           (format "gnutls-cli%s --x509cafile %s -p %%p %%h"
+                   (if (eq window-system 'w32) ".exe" "") trustfile)))))
+
+(defun imalison:test-security ()
+  (interactive)
+  (let ((bad-hosts
+       (loop for bad
+             in `("https://wrong.host.badssl.com/"
+                  "https://self-signed.badssl.com/")
+             if (condition-case e
+                    (url-retrieve
+                     bad (lambda (retrieved) t))
+                  (error nil))
+             collect bad)))
+  (if bad-hosts
+      (error (format "tls misconfigured; retrieved %s ok"
+                     bad-hosts))
+    (url-retrieve "https://badssl.com"
+                  (lambda (retrieved) t)))))
+
+(when imalison:secure (imalison:use-https-and-tls))
+
 ;; =============================================================================
 ;;                                                         ELPA/package.el/MELPA
 ;; =============================================================================