Mercurial > emacs

annotate lisp/net/gnutls.el @ 110855:bec49af30c2f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Merge changes from emacs-23 branch.
author Juanma Barranquero <lekktu@gmail.com>
date Fri, 08 Oct 2010 12:14:47 +0200
parents a347bc5bfc03
children 5227b2c896bb
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
110752
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
1 ;;; gnutls.el --- Support SSL/TLS connections through GnuTLS
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
2 ;; Copyright (C) 2010 Free Software Foundation, Inc.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
3
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
4 ;; Author: Ted Zlatanov <tzz@lifelogs.com>
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
5 ;; Keywords: comm, tls, ssl, encryption
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
6 ;; Originally-By: Simon Josefsson (See http://josefsson.org/emacs-security/)
110752
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
7 ;; Thanks-To: Lars Magne Ingebrigtsen <larsi@gnus.org>
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
8
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
9 ;; This file is part of GNU Emacs.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
10
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
11 ;; GNU Emacs is free software: you can redistribute it and/or modify
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
12 ;; it under the terms of the GNU General Public License as published by
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
13 ;; the Free Software Foundation, either version 3 of the License, or
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
14 ;; (at your option) any later version.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
15
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
16 ;; GNU Emacs is distributed in the hope that it will be useful,
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
17 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
18 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
19 ;; GNU General Public License for more details.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
20
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
21 ;; You should have received a copy of the GNU General Public License
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
22 ;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
23
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
24 ;;; Commentary:
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
25
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
26 ;; This package provides language bindings for the GnuTLS library
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
27 ;; using the corresponding core functions in gnutls.c.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
28
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
29 ;; Simple test:
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
30 ;;
110752
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
31 ;; (open-gnutls-stream "tls" "tls-buffer" "yourserver.com" "https")
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
32 ;; (open-gnutls-stream "tls" "tls-buffer" "imap.gmail.com" "imaps")
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
33
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
34 ;;; Code:
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
35
110611
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
36 (defgroup gnutls nil
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
37 "Emacs interface to the GnuTLS library."
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
38 :prefix "gnutls-"
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
39 :group 'net-utils)
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
40
110648
256dd50b2a63 Make sure all reads/writes to gnutls streams go via the gnutls functions.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110611
diff changeset
41 (defcustom gnutls-log-level 0
110611
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
42 "Logging level to be used by `starttls-negotiate' and GnuTLS."
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
43 :type 'integer
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
44 :group 'gnutls)
6c735824d0c1 Add gnutls logging and clean up various gnutls bits.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110606
diff changeset
45
110752
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
46 (defun open-gnutls-stream (name buffer host service)
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
47 "Open a SSL/TLS connection for a service to a host.
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
48 Returns a subprocess-object to represent the connection.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
49 Input and output work as for subprocesses; `delete-process' closes it.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
50 Args are NAME BUFFER HOST SERVICE.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
51 NAME is name for process. It is modified if necessary to make it unique.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
52 BUFFER is the buffer (or `buffer-name') to associate with the process.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
53 Process output goes at end of that buffer, unless you specify
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
54 an output stream or filter function to handle the output.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
55 BUFFER may be also nil, meaning that this process is not associated
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
56 with any buffer
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
57 Third arg is name of the host to connect to, or its IP address.
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
58 Fourth arg SERVICE is name of the service desired, or an integer
110752
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
59 specifying a port number to connect to.
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
60
110752
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
61 This is a very simple wrapper around `gnutls-negotiate'. See its
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
62 documentation for the specific parameters you can use to open a
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
63 GnuTLS connection, including specifying the credential type,
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
64 trust and key files, and priority string."
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
65 (let ((proc (open-network-stream name buffer host service)))
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
66 (gnutls-negotiate proc 'gnutls-x509pki)))
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
67
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
68 (defun gnutls-negotiate (proc type &optional priority-string
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
69 trustfiles keyfiles)
a347bc5bfc03 Provide GnuTLS API with `gnutls-negotiate' and `open-gnutls-stream'.
Ted Zlatanov <tzz@lifelogs.com>
parents: 110745
diff changeset
70 "Negotiate a SSL/TLS connection.
110745
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
71 TYPE is `gnutls-x509pki' (default) or `gnutls-anon'. Use nil for the default.
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
72 PROC is a process returned by `open-network-stream'.
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
73 PRIORITY-STRING is as per the GnuTLS docs, default is \"NORMAL\".
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
74 TRUSTFILES is a list of CA bundles.
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
75 KEYFILES is a list of client keys."
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
76 (let* ((type (or type 'gnutls-x509pki))
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
77 (trusfiles (or trustfiles
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
78 '("/etc/ssl/certs/ca-certificates.crt")))
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
79 (priority-string (or priority-string
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
80 (cond
110745
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
81 ((eq type 'gnutls-anon)
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
82 "NORMAL:+ANON-DH:!ARCFOUR-128")
110745
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
83 ((eq type 'gnutls-x509pki)
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
84 "NORMAL"))))
110745
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
85 (params `(:priority ,priority-string
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
86 :loglevel ,gnutls-log-level
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
87 :trustfiles ,trustfiles
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
88 :keyfiles ,keyfiles
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
89 :callbacks nil))
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
90 ret)
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
91
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
92 (gnutls-message-maybe
110745
af2db97ca17a Rework the gnutls boot interface.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110649
diff changeset
93 (setq ret (gnutls-boot proc type params))
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
94 "boot: %s")
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
95
110648
256dd50b2a63 Make sure all reads/writes to gnutls streams go via the gnutls functions.
Lars Magne Ingebrigtsen <larsi@gnus.org>
parents: 110611
diff changeset
96 proc))
110584
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
97
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
98 (defun gnutls-message-maybe (doit format &rest params)
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
99 "When DOIT, message with the caller name followed by FORMAT on PARAMS."
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
100 ;; (apply 'debug format (or params '(nil)))
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
101 (when (gnutls-errorp doit)
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
102 (message "%s: (err=[%s] %s) %s"
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
103 "gnutls.el"
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
104 doit (gnutls-error-string doit)
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
105 (apply 'format format (or params '(nil))))))
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
106
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
107 (provide 'gnutls)
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
108
9d94d76ce611 Set up GnuTLS support.
Ted Zlatanov <tzz@lifelogs.com>
parents:
diff changeset
109 ;;; gnutls.el ends here