Re: Emacs core TLS support

[Chong Yidong]

Ted Zlatanov <address@hidden> writes:

> Simon's code included a gnutls.el library, attached here.  It shows how
> to use it.

OK, that makes sense.  Though I feel queasy about this:

  (defconst gnutls-cipher-null 1)
  (defconst gnutls-cipher-arcfour 2)
  ...

being intended to map to

  typedef enum gnutls_cipher_algorithm
  {
    GNUTLS_CIPHER_UNKNOWN = 0,
    GNUTLS_CIPHER_NULL = 1,
    GNUTLS_CIPHER_ARCFOUR_128,
    ...

from gnutls.h.  The more Emacs-Lisp-y approach is to let the gnutls-*
built-in functions accept symbols rather than integers, i.e. instead of

   (gnutls-protocol-set-priority proc gnutls-tls1 gnutls-ssl3)

it should be called as

   (gnutls-protocol-set-priority proc 'gnutls-tls1 'gnutls-ssl3),

and `gnutls-protocol-set-priority' should internally convert those
symbol arguments to GNUTLS_SSL3 and GNUTLS_TLS1, and pass them to the
GnuTLS function gnutls_protocol_set_priority.

I think this can be done by taking Fsymbol_name of each argument, and
using the accessor functionss provided by the GnuTLS library, e.g.
`gnutls_protocol_get_id'.  (We thus avoid defining many dozens of Lisp
symbols beforehand, like Qssl3, Qtls1, etc.).  We can also be fancy, by
not requiring the `gnutls' part of the symbol argument and appending it
in the C code:

   (gnutls-protocol-set-priority proc 'tls1 'ssl3)

I realize this is a rather invasive change to the patch.  I suggest
separating the GnuTLS code into a separate file, gnutls.c, adding it to
the Emacs repository, and work from there.  Then you don't have to keep
sending the patch to the mailing list.