Mercurial > emacs
annotate lisp/net/gnutls.el @ 112398:0bfcbd0b704b
* gnus-art.el (gnus-button-alist, gnus-button-handle-info-keystrokes):
Don't confuse the "ret" of "retrograde" with RET.
author | Stefan Monnier <monnier@iro.umontreal.ca> |
---|---|
date | Fri, 21 Jan 2011 12:38:33 -0500 |
parents | 6378d1b57038 |
children |
rev | line source |
---|---|
110752
a347bc5bfc03
Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents:
110745
diff
changeset
|
1 ;;; gnutls.el --- Support SSL/TLS connections through GnuTLS |
111296
5227b2c896bb
* net/gnutls.el (gnutls-boot, gnutls-errorp, gnutls-error-string): Declare.
Glenn Morris <rgm@gnu.org>
parents:
110752
diff
changeset
|
2 |
112275
6378d1b57038
Add 2011 to remaining FSF/AIST copyright years.
Glenn Morris <rgm@gnu.org>
parents:
111951
diff
changeset
|
3 ;; Copyright (C) 2010, 2011 Free Software Foundation, Inc. |
110584 | 4 |
5 ;; Author: Ted Zlatanov <tzz@lifelogs.com> | |
6 ;; Keywords: comm, tls, ssl, encryption | |
7 ;; Originally-By: Simon Josefsson (See http://josefsson.org/emacs-security/) | |
110752
a347bc5bfc03
Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents:
110745
diff
changeset
|
8 ;; Thanks-To: Lars Magne Ingebrigtsen <larsi@gnus.org> |
110584 | 9 |
10 ;; This file is part of GNU Emacs. | |
11 | |
12 ;; GNU Emacs is free software: you can redistribute it and/or modify | |
13 ;; it under the terms of the GNU General Public License as published by | |
14 ;; the Free Software Foundation, either version 3 of the License, or | |
15 ;; (at your option) any later version. | |
16 | |
17 ;; GNU Emacs is distributed in the hope that it will be useful, | |
18 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 ;; GNU General Public License for more details. | |
21 | |
22 ;; You should have received a copy of the GNU General Public License | |
23 ;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. | |
24 | |
25 ;;; Commentary: | |
26 | |
27 ;; This package provides language bindings for the GnuTLS library | |
28 ;; using the corresponding core functions in gnutls.c. | |
29 | |
30 ;; Simple test: | |
31 ;; | |
110752
a347bc5bfc03
Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents:
110745
diff
changeset
|
32 ;; (open-gnutls-stream "tls" "tls-buffer" "yourserver.com" "https") |
a347bc5bfc03
Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents:
110745
diff
changeset
|
33 ;; (open-gnutls-stream "tls" "tls-buffer" "imap.gmail.com" "imaps") |
110584 | 34 |
35 ;;; Code: | |
36 | |
110611
6c735824d0c1
Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110606
diff
changeset
|
37 (defgroup gnutls nil |
6c735824d0c1
Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110606
diff
changeset
|
38 "Emacs interface to the GnuTLS library." |
6c735824d0c1
Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110606
diff
changeset
|
39 :prefix "gnutls-" |
6c735824d0c1
Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110606
diff
changeset
|
40 :group 'net-utils) |
6c735824d0c1
Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110606
diff
changeset
|
41 |
110648
256dd50b2a63
Make sure all reads/writes to gnutls streams go via the gnutls functions.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110611
diff
changeset
|
42 (defcustom gnutls-log-level 0 |
110611
6c735824d0c1
Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110606
diff
changeset
|
43 "Logging level to be used by `starttls-negotiate' and GnuTLS." |
6c735824d0c1
Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110606
diff
changeset
|
44 :type 'integer |
6c735824d0c1
Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110606
diff
changeset
|
45 :group 'gnutls) |
6c735824d0c1
Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110606
diff
changeset
|
46 |
110752
a347bc5bfc03
Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents:
110745
diff
changeset
|
47 (defun open-gnutls-stream (name buffer host service) |
a347bc5bfc03
Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents:
110745
diff
changeset
|
48 "Open a SSL/TLS connection for a service to a host. |
110584 | 49 Returns a subprocess-object to represent the connection. |
50 Input and output work as for subprocesses; `delete-process' closes it. | |
51 Args are NAME BUFFER HOST SERVICE. | |
52 NAME is name for process. It is modified if necessary to make it unique. | |
53 BUFFER is the buffer (or `buffer-name') to associate with the process. | |
54 Process output goes at end of that buffer, unless you specify | |
55 an output stream or filter function to handle the output. | |
56 BUFFER may be also nil, meaning that this process is not associated | |
57 with any buffer | |
58 Third arg is name of the host to connect to, or its IP address. | |
59 Fourth arg SERVICE is name of the service desired, or an integer | |
110752
a347bc5bfc03
Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents:
110745
diff
changeset
|
60 specifying a port number to connect to. |
110584 | 61 |
110752
a347bc5bfc03
Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents:
110745
diff
changeset
|
62 This is a very simple wrapper around `gnutls-negotiate'. See its |
a347bc5bfc03
Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents:
110745
diff
changeset
|
63 documentation for the specific parameters you can use to open a |
a347bc5bfc03
Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents:
110745
diff
changeset
|
64 GnuTLS connection, including specifying the credential type, |
a347bc5bfc03
Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents:
110745
diff
changeset
|
65 trust and key files, and priority string." |
a347bc5bfc03
Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents:
110745
diff
changeset
|
66 (let ((proc (open-network-stream name buffer host service))) |
a347bc5bfc03
Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents:
110745
diff
changeset
|
67 (gnutls-negotiate proc 'gnutls-x509pki))) |
a347bc5bfc03
Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents:
110745
diff
changeset
|
68 |
111296
5227b2c896bb
* net/gnutls.el (gnutls-boot, gnutls-errorp, gnutls-error-string): Declare.
Glenn Morris <rgm@gnu.org>
parents:
110752
diff
changeset
|
69 (declare-function gnutls-boot "gnutls.c" (proc type proplist)) |
5227b2c896bb
* net/gnutls.el (gnutls-boot, gnutls-errorp, gnutls-error-string): Declare.
Glenn Morris <rgm@gnu.org>
parents:
110752
diff
changeset
|
70 |
110752
a347bc5bfc03
Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents:
110745
diff
changeset
|
71 (defun gnutls-negotiate (proc type &optional priority-string |
a347bc5bfc03
Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents:
110745
diff
changeset
|
72 trustfiles keyfiles) |
a347bc5bfc03
Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents:
110745
diff
changeset
|
73 "Negotiate a SSL/TLS connection. |
110745
af2db97ca17a
Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110649
diff
changeset
|
74 TYPE is `gnutls-x509pki' (default) or `gnutls-anon'. Use nil for the default. |
af2db97ca17a
Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110649
diff
changeset
|
75 PROC is a process returned by `open-network-stream'. |
af2db97ca17a
Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110649
diff
changeset
|
76 PRIORITY-STRING is as per the GnuTLS docs, default is \"NORMAL\". |
af2db97ca17a
Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110649
diff
changeset
|
77 TRUSTFILES is a list of CA bundles. |
af2db97ca17a
Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110649
diff
changeset
|
78 KEYFILES is a list of client keys." |
af2db97ca17a
Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110649
diff
changeset
|
79 (let* ((type (or type 'gnutls-x509pki)) |
111951
027c7b917c8a
* net/gnutls.el (gnutls-negotiate): Fix setting of default trustfiles.
Romain Francoise <romain@orebokech.com>
parents:
111296
diff
changeset
|
80 (trustfiles (or trustfiles |
110745
af2db97ca17a
Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110649
diff
changeset
|
81 '("/etc/ssl/certs/ca-certificates.crt"))) |
110584 | 82 (priority-string (or priority-string |
83 (cond | |
110745
af2db97ca17a
Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110649
diff
changeset
|
84 ((eq type 'gnutls-anon) |
110584 | 85 "NORMAL:+ANON-DH:!ARCFOUR-128") |
110745
af2db97ca17a
Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110649
diff
changeset
|
86 ((eq type 'gnutls-x509pki) |
110584 | 87 "NORMAL")))) |
110745
af2db97ca17a
Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110649
diff
changeset
|
88 (params `(:priority ,priority-string |
af2db97ca17a
Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110649
diff
changeset
|
89 :loglevel ,gnutls-log-level |
af2db97ca17a
Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110649
diff
changeset
|
90 :trustfiles ,trustfiles |
af2db97ca17a
Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110649
diff
changeset
|
91 :keyfiles ,keyfiles |
af2db97ca17a
Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110649
diff
changeset
|
92 :callbacks nil)) |
110584 | 93 ret) |
94 | |
95 (gnutls-message-maybe | |
110745
af2db97ca17a
Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110649
diff
changeset
|
96 (setq ret (gnutls-boot proc type params)) |
110584 | 97 "boot: %s") |
98 | |
110648
256dd50b2a63
Make sure all reads/writes to gnutls streams go via the gnutls functions.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents:
110611
diff
changeset
|
99 proc)) |
110584 | 100 |
111296
5227b2c896bb
* net/gnutls.el (gnutls-boot, gnutls-errorp, gnutls-error-string): Declare.
Glenn Morris <rgm@gnu.org>
parents:
110752
diff
changeset
|
101 (declare-function gnutls-errorp "gnutls.c" (error)) |
5227b2c896bb
* net/gnutls.el (gnutls-boot, gnutls-errorp, gnutls-error-string): Declare.
Glenn Morris <rgm@gnu.org>
parents:
110752
diff
changeset
|
102 (declare-function gnutls-error-string "gnutls.c" (error)) |
5227b2c896bb
* net/gnutls.el (gnutls-boot, gnutls-errorp, gnutls-error-string): Declare.
Glenn Morris <rgm@gnu.org>
parents:
110752
diff
changeset
|
103 |
110584 | 104 (defun gnutls-message-maybe (doit format &rest params) |
105 "When DOIT, message with the caller name followed by FORMAT on PARAMS." | |
106 ;; (apply 'debug format (or params '(nil))) | |
107 (when (gnutls-errorp doit) | |
108 (message "%s: (err=[%s] %s) %s" | |
109 "gnutls.el" | |
110 doit (gnutls-error-string doit) | |
111 (apply 'format format (or params '(nil)))))) | |
112 | |
113 (provide 'gnutls) | |
114 | |
115 ;;; gnutls.el ends here |