annotate lisp/net/gnutls.el @ 112398:0bfcbd0b704b

* gnus-art.el (gnus-button-alist, gnus-button-handle-info-keystrokes): Don't confuse the "ret" of "retrograde" with RET.
author Stefan Monnier <monnier@iro.umontreal.ca>
date Fri, 21 Jan 2011 12:38:33 -0500
parents 6378d1b57038
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
110752
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
1 ;;; gnutls.el --- Support SSL/TLS connections through GnuTLS
111296
5227b2c896bb * net/gnutls.el (gnutls-boot, gnutls-errorp, gnutls-error-string): Declare.
Glenn Morris <rgm@gnu.org>
parents: 110752
diff changeset
2
112275
6378d1b57038 Add 2011 to remaining FSF/AIST copyright years.
Glenn Morris <rgm@gnu.org>
parents: 111951
diff changeset
3 ;; Copyright (C) 2010, 2011 Free Software Foundation, Inc.
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
4
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
5 ;; Author: Ted Zlatanov <tzz@lifelogs.com>
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
6 ;; Keywords: comm, tls, ssl, encryption
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
7 ;; Originally-By: Simon Josefsson (See http://josefsson.org/emacs-security/)
110752
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
8 ;; Thanks-To: Lars Magne Ingebrigtsen <larsi@gnus.org>
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
9
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
10 ;; This file is part of GNU Emacs.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
11
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
12 ;; GNU Emacs is free software: you can redistribute it and/or modify
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
13 ;; it under the terms of the GNU General Public License as published by
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
14 ;; the Free Software Foundation, either version 3 of the License, or
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
15 ;; (at your option) any later version.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
16
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
17 ;; GNU Emacs is distributed in the hope that it will be useful,
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
18 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
19 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
20 ;; GNU General Public License for more details.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
21
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
22 ;; You should have received a copy of the GNU General Public License
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
23 ;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
24
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
25 ;;; Commentary:
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
26
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
27 ;; This package provides language bindings for the GnuTLS library
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
28 ;; using the corresponding core functions in gnutls.c.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
29
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
30 ;; Simple test:
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
31 ;;
110752
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
32 ;; (open-gnutls-stream "tls" "tls-buffer" "yourserver.com" "https")
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
33 ;; (open-gnutls-stream "tls" "tls-buffer" "imap.gmail.com" "imaps")
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
34
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
35 ;;; Code:
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
36
110611
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
37 (defgroup gnutls nil
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
38 "Emacs interface to the GnuTLS library."
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
39 :prefix "gnutls-"
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
40 :group 'net-utils)
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
41
110648
256dd50b2a63 Make sure all reads/writes to gnutls streams go via the gnutls functions.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110611
diff changeset
42 (defcustom gnutls-log-level 0
110611
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
43 "Logging level to be used by `starttls-negotiate' and GnuTLS."
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
44 :type 'integer
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
45 :group 'gnutls)
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
46
110752
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
47 (defun open-gnutls-stream (name buffer host service)
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
48 "Open a SSL/TLS connection for a service to a host.
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
49 Returns a subprocess-object to represent the connection.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
50 Input and output work as for subprocesses; `delete-process' closes it.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
51 Args are NAME BUFFER HOST SERVICE.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
52 NAME is name for process. It is modified if necessary to make it unique.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
53 BUFFER is the buffer (or `buffer-name') to associate with the process.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
54 Process output goes at end of that buffer, unless you specify
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
55 an output stream or filter function to handle the output.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
56 BUFFER may be also nil, meaning that this process is not associated
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
57 with any buffer
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
58 Third arg is name of the host to connect to, or its IP address.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
59 Fourth arg SERVICE is name of the service desired, or an integer
110752
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
60 specifying a port number to connect to.
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
61
110752
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
62 This is a very simple wrapper around `gnutls-negotiate'. See its
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
63 documentation for the specific parameters you can use to open a
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
64 GnuTLS connection, including specifying the credential type,
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
65 trust and key files, and priority string."
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
66 (let ((proc (open-network-stream name buffer host service)))
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
67 (gnutls-negotiate proc 'gnutls-x509pki)))
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
68
111296
5227b2c896bb * net/gnutls.el (gnutls-boot, gnutls-errorp, gnutls-error-string): Declare.
Glenn Morris <rgm@gnu.org>
parents: 110752
diff changeset
69 (declare-function gnutls-boot "gnutls.c" (proc type proplist))
5227b2c896bb * net/gnutls.el (gnutls-boot, gnutls-errorp, gnutls-error-string): Declare.
Glenn Morris <rgm@gnu.org>
parents: 110752
diff changeset
70
110752
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
71 (defun gnutls-negotiate (proc type &optional priority-string
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
72 trustfiles keyfiles)
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
73 "Negotiate a SSL/TLS connection.
110745
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
74 TYPE is `gnutls-x509pki' (default) or `gnutls-anon'. Use nil for the default.
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
75 PROC is a process returned by `open-network-stream'.
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
76 PRIORITY-STRING is as per the GnuTLS docs, default is \"NORMAL\".
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
77 TRUSTFILES is a list of CA bundles.
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
78 KEYFILES is a list of client keys."
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
79 (let* ((type (or type 'gnutls-x509pki))
111951
027c7b917c8a * net/gnutls.el (gnutls-negotiate): Fix setting of default trustfiles.
Romain Francoise <romain@orebokech.com>
parents: 111296
diff changeset
80 (trustfiles (or trustfiles
110745
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
81 '("/etc/ssl/certs/ca-certificates.crt")))
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
82 (priority-string (or priority-string
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
83 (cond
110745
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
84 ((eq type 'gnutls-anon)
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
85 "NORMAL:+ANON-DH:!ARCFOUR-128")
110745
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
86 ((eq type 'gnutls-x509pki)
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
87 "NORMAL"))))
110745
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
88 (params `(:priority ,priority-string
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
89 :loglevel ,gnutls-log-level
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
90 :trustfiles ,trustfiles
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
91 :keyfiles ,keyfiles
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
92 :callbacks nil))
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
93 ret)
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
94
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
95 (gnutls-message-maybe
110745
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
96 (setq ret (gnutls-boot proc type params))
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
97 "boot: %s")
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
98
110648
256dd50b2a63 Make sure all reads/writes to gnutls streams go via the gnutls functions.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110611
diff changeset
99 proc))
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
100
111296
5227b2c896bb * net/gnutls.el (gnutls-boot, gnutls-errorp, gnutls-error-string): Declare.
Glenn Morris <rgm@gnu.org>
parents: 110752
diff changeset
101 (declare-function gnutls-errorp "gnutls.c" (error))
5227b2c896bb * net/gnutls.el (gnutls-boot, gnutls-errorp, gnutls-error-string): Declare.
Glenn Morris <rgm@gnu.org>
parents: 110752
diff changeset
102 (declare-function gnutls-error-string "gnutls.c" (error))
5227b2c896bb * net/gnutls.el (gnutls-boot, gnutls-errorp, gnutls-error-string): Declare.
Glenn Morris <rgm@gnu.org>
parents: 110752
diff changeset
103
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
104 (defun gnutls-message-maybe (doit format &rest params)
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
105 "When DOIT, message with the caller name followed by FORMAT on PARAMS."
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
106 ;; (apply 'debug format (or params '(nil)))
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
107 (when (gnutls-errorp doit)
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
108 (message "%s: (err=[%s] %s) %s"
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
109 "gnutls.el"
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
110 doit (gnutls-error-string doit)
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
111 (apply 'format format (or params '(nil))))))
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
112
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
113 (provide 'gnutls)
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
114
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
115 ;;; gnutls.el ends here