Re: url library and GnuTLS, and Emacs-issued certificates
From: Lars Magne Ingebrigtsen
Subject: Re: url library and GnuTLS, and Emacs-issued certificates
Date: Thu, 24 Mar 2011 20:45:26 +0100
User-agent: Gnus/5.110016 (No Gnus v0.16) Emacs/24.0.50 (gnu/linux)

Chong Yidong <address@hidden> writes:

> How about gnutls.el? If I understand correctly, open-gnutls-stream
> works just like open-tls-stream, except it uses the gnutls library
> directly instead of using a command line client---and it does not
> support the mode of operation provided in starttls.el. Correct?

No, with gnutls.c, we just open a normal network stream (with
`open-network-stream'), and then if it turns out that the server
supports STARTTLS, we just put the server in STARTTLS mode and then
issue a `gnutls-negotiate' call.

> Also, does this mean it's impossible to use open-tls-stream and
> open-gnutls-stream to opportunistically open a TLS stream? I see that
> proto-stream.el, in `network' mode, opens a connection using
> starttls-open-stream and then uses gnutls-negotiate from gnutls.el to do
> the negotiation; what's the advantage of doing this?

Looking at the code in `proto-stream-open-network', I can see why you
think it's doing that, but it's not. I hope. :-) That function is
somewhat hairy because of all the combinations in the
do-opportunistic-upgrade/do-forced-upgrade/starttls.el/gnutls.c/do-support-STARTTLS
matrix, as well as error handling...

But for the "gnutls where the server supports STARTTLS and there's no
errors" case, it should just be doing

  (defun proto-stream-open-network (name buffer host service parameters)
    [...]
      (stream (open-network-stream name buffer host service))
    [...]
        ;; The server said it was OK to start doing STARTTLS negotiations.
        (if (fboundp 'open-gnutls-stream)
            (gnutls-negotiate stream nil)

--
(domestic pets only, the antidote for overdose, milk.)
address@hidden * Lars Magne Ingebrigtsen
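
The flow described in the message above (plain `open-network-stream', capability check, STARTTLS command, then `gnutls-negotiate'), written out as an added example that is not part of the original message and is not proto-stream.el code. It assumes IMAP on port 143 and the keyword-argument forms of `open-network-stream' and `gnutls-negotiate' from later Emacs releases rather than the two-argument call quoted above; all `example-' names are hypothetical.

```elisp
;;; Added example; not proto-stream.el code.  `example-' names are hypothetical.
(require 'gnutls)

(defun example-read-until (proc regexp &optional seconds)
  "Return PROC's buffer text once it matches REGEXP, or signal on timeout."
  (let ((deadline (+ (float-time) (or seconds 10))))
    (with-current-buffer (process-buffer proc)
      (while (not (save-excursion (goto-char (point-min))
                                  (re-search-forward regexp nil t)))
        (unless (and (process-live-p proc) (< (float-time) deadline))
          (error "No reply matching %s" regexp))
        (accept-process-output proc 0.2))
      (buffer-string))))

(defun example-upgrade-action (capabilities policy)
  "Return `upgrade' or `plain' for the CAPABILITIES reply under POLICY.
POLICY is `opportunistic' or `required'; `required' fails closed."
  (cond ((string-match-p "\\bSTARTTLS\\b" capabilities) 'upgrade)
        ((eq policy 'required)
         (error "STARTTLS not offered; refusing to continue in plaintext"))
        (t 'plain)))

(defun example-open-imap (host policy)
  "Open IMAP to HOST on port 143 and upgrade to TLS according to POLICY."
  (let* ((buf (generate-new-buffer " *example-imap*"))
         (proc (open-network-stream "example-imap" buf host 143 :type 'plain)))
    (example-read-until proc "^\\* OK")           ; server greeting
    (process-send-string proc "a1 CAPABILITY\r\n")
    (when (eq (example-upgrade-action
               (example-read-until proc "^a1 \\(OK\\|NO\\|BAD\\)") policy)
              'upgrade)
      (process-send-string proc "a2 STARTTLS\r\n")
      (unless (string-match-p
               "^a2 OK" (example-read-until proc "^a2 \\(OK\\|NO\\|BAD\\)"))
        (delete-process proc)
        (error "Server rejected STARTTLS"))
      ;; TLS handshake on the already-open socket.  `:verify-error t' makes
      ;; certificate and hostname failures fatal instead of advisory.
      (gnutls-negotiate :process proc :hostname host :verify-error t)
      ;; Capabilities read before the handshake were unauthenticated:
      ;; discard them and ask again over TLS (RFC 3501, section 6.2.1).
      (with-current-buffer buf (erase-buffer))
      (process-send-string proc "a3 CAPABILITY\r\n")
      (example-read-until proc "^a3 \\(OK\\|NO\\|BAD\\)"))
    proc))
```

With POLICY set to `required' the function signals an error instead of returning a plaintext stream when the server does not advertise STARTTLS; with `opportunistic' it returns the unencrypted stream in that case.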