From a6edc28b4ec4bd1099a238dfcfcbda31ae11048d Mon Sep 17 00:00:00 2001
From: Ivan Malison
Date: Fri, 13 Nov 2015 23:10:56 -0800
Subject: [PATCH] Secure package.el interactions

---
 dotfiles/emacs.d/init.el | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/dotfiles/emacs.d/init.el b/dotfiles/emacs.d/init.el
index 50a19c8d..4297afb6 100644
--- a/dotfiles/emacs.d/init.el
+++ b/dotfiles/emacs.d/init.el
@@ -51,6 +51,44 @@
 (defvar grep-find-ignored-files nil)
 (defvar grep-find-ignored-directories nil)
 
+;; =============================================================================
+;; Security
+;; =============================================================================
+
+(defvar imalison:secure t)
+
+(defun imalison:use-https-and-tls ()
+ (setq tls-checktrust t)
+ (let ((trustfile
+ (replace-regexp-in-string
+ "\\\\" "/"
+ (replace-regexp-in-string
+ "\n" ""
+ (shell-command-to-string "python -m certifi")))))
+ (setq tls-program
+ (list
+ (format "gnutls-cli%s --x509cafile %s -p %%p %%h"
+ (if (eq window-system 'w32) ".exe" "") trustfile)))))
+
+(defun imalison:test-security ()
+ (interactive)
+ (let ((bad-hosts
+ (loop for bad
+ in `("https://wrong.host.badssl.com/"
+ "https://self-signed.badssl.com/")
+ if (condition-case e
+ (url-retrieve
+ bad (lambda (retrieved) t))
+ (error nil))
+ collect bad)))
+ (if bad-hosts
+ (error (format "tls misconfigured; retrieved %s ok"
+ bad-hosts))
+ (url-retrieve "https://badssl.com"
+ (lambda (retrieved) t)))))
+
+(when imalison:secure (imalison:use-https-and-tls))
+
 ;; =============================================================================
 ;; ELPA/package.el/MELPA
 ;; =============================================================================
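Review bot: `imalison:use-https-and-tls` sets only `tls-program` and `tls-checktrust`, which tls.el reads when it runs gnutls-cli; on an Emacs built with native GnuTLS, connections opened through gnutls.el are presumably not covered, so certificate failures may still be accepted there. Inside the `let`, next to the `tls-program` assignment, I would add `(setq gnutls-verify-error t)` and `(setq gnutls-trustfiles (list trustfile))`. The output of `python -m certifi` is also used unchecked and unquoted, so an error message (python or certifi missing) or a path containing spaces ends up in the gnutls-cli command line; a `file-readable-p` guard plus `shell-quote-argument` on `trustfile` would make that fail loudly at startup instead. In `imalison:test-security`, `url-retrieve` is asynchronous and reports failures through the callback's status argument, which `(lambda (retrieved) t)` ignores, so the `condition-case` result may not reflect whether the bad certificates were actually rejected; checking `(plist-get status :error)` in the callback would be a more reliable self-test.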