Disabled TLS certificate validation by default.
index f1e7fb8..d8193b9 100644 (file)
--- a/elpher.el
+++ b/elpher.el
@@ -186,6 +186,17 @@ The default behaviour is to use the ansi-color package to interpret these
 sequences."
   :type '(boolean))
 
+(defcustom elpher-TLS-cert-checks nil
+  "If non-nil, verify server TLS certificates using the default
+emacs security protocol. Otherwise, certificate verification is disabled.
+
+This defaults to off because it is standard practice for Gemini servers
+to use self-signed certificates, meaning that most servers provide what
+emacs considers to be an invalid certificate.  Since non-Gemini uses such
+as gophers:// are essentially edge cases that rarely occur in the wild,
+this setting applies to *all* TLS connections made by Elpher."
+  :type '(boolean))
+
 ;;; Model
 ;;
 
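Review bot: The docstring of `elpher-TLS-cert-checks` should state what the nil default means for the user: with verification off the server is never authenticated, so an on-path party can read or alter what Elpher displays over TLS, and as the text itself says this covers gophers:// as well as Gemini. I would add a sentence such as `When nil, connections are still encrypted but the server's identity is not verified.` and make the first line one complete sentence, which checkdoc expects and which is what the customize interface shows as the summary. Since the stated reason is self-signed Gemini certificates, trust-on-first-use pinning of the presented certificate would accept those servers without dropping verification altogether; that is probably a follow-up rather than part of this commit.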
@@ -434,6 +445,8 @@ unless NO-HISTORY is non-nil."
   (list 'with-current-buffer "*elpher*"
         '(elpher-mode)
         (append (list 'let '((inhibit-read-only t))
+                      '(unless elpher-TLS-cert-checks
+                         (setq-local network-security-level 'low))
                       '(erase-buffer)
                       '(elpher-update-header))
                 args)))
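Review bot: The override `(setq-local network-security-level 'low)` is placed in the buffer-clearing form rather than next to the `open-network-stream` calls, so it only helps if the `*elpher*` buffer is current when the connection is checked, and that is not visible from this hunk. As far as I know, `'low` also switches off every Network Security Manager check for that buffer, not only the certificate ones. Binding the variable dynamically at the connection site keeps the scope explicit: `(let ((network-security-level (if elpher-TLS-cert-checks network-security-level 'low))) (open-network-stream ...))`. A one-line comment there saying why the level is lowered would help the next reader. The enclosing definition starts outside the hunk.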
@@ -506,7 +519,7 @@ to ADDRESS."
       (let* ((kill-buffer-query-functions nil)
              (port (elpher-address-port address))
              (host (elpher-address-host address))
-             (selector-string "")
+             (selector-string-parts nil)
              (proc (open-network-stream "elpher-process"
                                         nil
                                         (if force-ipv4 (dns-query host) host)
@@ -538,8 +551,8 @@ to ADDRESS."
         (set-process-filter proc
                             (lambda (_proc string)
                               (cancel-timer timer)
-                              (setq selector-string
-                                    (concat selector-string string))))
+                              (setq selector-string-parts
+                                    (cons string selector-string-parts))))
         (set-process-sentinel proc
                               (lambda (_proc event)
                                 (condition-case the-error
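Review bot: The filter now collects chunks newest-first and relies on the sentinel in the next hunk to reverse them, which deserves a short comment at the `cons`, for example `;; Chunks are collected newest-first; the sentinel reverses them before joining.`. `(push string selector-string-parts)` would say the same thing more directly than the `setq`/`cons` pair. The identical three edits recur in the hunks at -1086, -1107 and -1121, so a small shared accumulate-and-join helper would keep the two request functions from drifting apart. The enclosing function starts and ends outside these hunks.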
@@ -553,7 +566,8 @@ to ADDRESS."
                                                  "\r\n"))))
                                      (t
                                       (cancel-timer timer)
-                                      (funcall renderer selector-string)
+                                      (funcall renderer (apply #'concat
+                                                               (reverse selector-string-parts)))
                                       (elpher-restore-pos)))
                                   (error
                                    (elpher-network-error address the-error))))))
@@ -1086,7 +1100,7 @@ For instance, the filename /a/b/../c/./d will reduce to /a/c/d"
                  (port (let ((given-port (elpher-address-port address)))
                          (if (> given-port 0) given-port 79)))
                  (host (elpher-address-host address))
-                 (selector-string "")
+                 (selector-string-parts nil)
                  (proc (open-network-stream "elpher-process"
                                             nil
                                             (if force-ipv4 (dns-query host) host)
@@ -1107,8 +1121,8 @@ For instance, the filename /a/b/../c/./d will reduce to /a/c/d"
             (set-process-filter proc
                                 (lambda (_proc string)
                                   (cancel-timer timer)
-                                  (setq selector-string
-                                        (concat selector-string string))))
+                                  (setq selector-string-parts
+                                        (cons string selector-string-parts))))
             (set-process-sentinel proc
                                   (lambda (_proc event)
                                     (condition-case the-error
@@ -1121,7 +1135,8 @@ For instance, the filename /a/b/../c/./d will reduce to /a/c/d"
                                              (concat user "\r\n"))))
                                          (t
                                           (cancel-timer timer)
-                                          (funcall renderer selector-string)
+                                          (funcall renderer (apply #'concat
+                                                                   (reverse selector-string-parts)))
                                           (elpher-restore-pos)))))))
         (error
          (elpher-network-error address the-error))))))