Re: SSL Elisp primitives

[Simon Josefsson]

On Tue, 1 May 2001, Stefan Monnier wrote:

> > I've been working on adding elisp primitives for SSL/TLS connections
> > (using the GPL'd NSS-library) yesterday, and I've got some basic
> > functionality.
>
> What would be the benefit of such an approach compared to something
> like ssl.el that just executes an external program instead ?

The possibility of supporting "upgrading" of an already connected TCP
socket to SSL.  Most IETF protocols seem to be moving towards this,
IMAP and SMTP implementations have supported this for a while.  Also to
fine-tune the details of the SSL connection (like which user certificate
is used, display of the server certificate, verification of the server
certificate etc).

External programs have different set of features, bugs and command line
arguments depending on how it was compiled.  This was a major headache
when implementing S/MIME support, and is likely to be if more advanced SSL
features should be supported as well.  And NSS supports S/MIME and oodles
of other security related stuff as well, so it might be used as "the"
security library for emacs. (OpenSSL is not GPL, while NSS is, GNU TLS
seem dead, and I'm not aware of other similar libraries.)

Of course, it is possible to solve this by writing external programs (and
this is what I've been doing in imap.el and my smtpmail.el-patch), but
it's more error-prone and less elegant.  It's solvable this way in the
same way that probably everything in emacs is possible to solve by calling
an external program.