Re: GNU TLS lisp bindings

[William M. Perry]

Simon Josefsson <address@hidden> writes:

> I rewrote my native TLS support for Emacs using GNU TLS instead of
> Open SSL:
> 
> http://josefsson.org/securemacs/
> 
> Beware, the patch is very ugly but at least it allows me to read my mail
> over TLS with Gnus.
> 
> Install GNU TLS, do "aclocal" and "autoconf" in the Emacs directory after
> applying the patch, build Emacs and load "gnutls.el" and you should have
> the usual `open-ssl-stream' available.

What are people's thoughts on whether this (or something similar) will get
included?  I've been dealing a lot with our SSL implementation here at
aventail, and originally did some SSL integration years and years ago (when
OpenSSL was still called SSLeay :) that couldn't be included because of
export restrictions and the use of SSLeay, which was not free enough.  I
would _love_ to see this as part of the base distribution.

Being able to do SSL is becoming more and more important.  There are
existing hacks to do this (my ssl.el and the starttls.el that is floating
around), but they don't get you _real_ integration.

What would be ideal is if we could somehow expose the GNU TLS API (thats a
lot of caps :) directly in emacs-lisp.  Then open-ssl-stream could be
written completely in emacs-lisp, and callbacks to verify certificates
could be implemented in lisp as well.  I think this would be necessary to
allow applications within emacs to have different security policies
(Emacs/W3 would probably be more `open' than Gnus by default).

-bp
-- 
Ceterum censeo vi esse delendam