GnuTLS invasion of Emacs (was: Emacs 24.0.93 Pretest Windows Binaries published)

[Ted Zlatanov]

On Fri, 03 Feb 2012 09:48:39 +0200 Eli Zaretskii <address@hidden> wrote: 

>> From: Ted Zlatanov <address@hidden>
>> 
>> GnuTLS provides SSL and TLS encryption for any network connection, hence
>> "secure networking" in my earlier message.  It can encrypt e-mail
>> protocols like IMAP and SMTP but does not deal with e-mail messages.

EZ> What other features in Emacs use TLS as of this writing?  I thought
EZ> only email protocols do, which is why I described GnuTLS as I did.

Any network connection can use it.  I think Lars introduced that option,
and at least HTTP/S connections can use it.

EZ> If other protocols we have can be secured by GnuTLS, there seems to be
EZ> a gap in our documentation, because I couldn't find any place where
EZ> that is mentioned, except in relation to SMTP and the likes.

(subject adjusted accordingly)

It's a replacement for the previous libraries that managed secure
connections, except it doesn't depend on external binaries.  So it
really doesn't change much in terms of Emacs functionality, only in the
underlying implementation.  There is one annoying detail with the cert
bundle on W32.  It defaults to /etc/ssl/certs/ca-certificates.crt which
is not valid on W32 and on many other platforms.  See
`open-gnutls-stream' and the rest of gnutls.el.  I was going to bring in
the Mozilla cert bundle with the binary installer I'm planning so I
didn't attack this problem sooner; if you have suggestions for the
default cert bundle on W32 let me know.

Thanks
Ted