emacs-devel

Re: Emacs core TLS support


From: Ted Zlatanov
Subject: Re: Emacs core TLS support
Date: Sun, 26 Sep 2010 01:09:20 -0500
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/24.0.50 (gnu/linux)

On Wed, 15 Sep 2010 14:13:57 +0200 Nikos Mavrogiannopoulos <address@hidden> wrote:

NM> Use/check the gnutls-http-serv script in doc/credentials. It sets up a
NM> server with a certificate, ready for testing. If the server doesn't
NM> have a certificate it wouldn't be able to fully operate.

OK, this server works with ex-client2 and with a regular web browser
like w3m, but not with Emacs.  The only difference between ex-client2
and my code AFAICT is that it specifies the trust file as "ca.pem" and
then calls `gnutls_certificate_set_x509_trust_file' with that missing
file without checking the return code.  I tried that and it didn't make
a difference.  I keep getting error GNUTLS_E_UNEXPECTED_PACKET_LENGTH
after a bunch of handshakes.

I've gone over my code carefully and just can't figure out what's
different.  I'm sure it's something simple I've overlooked.  So I
checked my changes into the Emacs repo in order to have other, more
expert developers take a look.  All the tedious work is done; the files
of interest are src/process.[ch] (where the process is set up with the
GnuTLS members), src/gnutls.[ch], and lisp/net/gnutls.el.

Here's the recipe to see the problem:

1) compile Emacs with

./configure --with-gnutls; make bootstrap

2) run it directly:

cd src
gdb --args ./emacs ../lisp/net/gnutls.el

3) when it loads, do:

(you'll also need the gnutls-http-serv running locally)

M-x eval-buffer
M-: (open-ssl-stream "tls" "tls-buffer" "localhost" 5556)

4) look in *Messages* for the errors:

gnutls: allocating credentials
gnutls: allocating x509 credentials
gnutls: setting the trustfile
gnutls: processed 142 CA certificates
gnutls: setting the keyfile
gnutls: gnutls_init
gnutls: setting the priority string
gnutls: setting the credentials
gnutls: setting the x509 credentials
gnutls: handshake: setting the transport pointers to 8/8
gnutls: handshake: handshaking
gnutls.el: (err=[gnutls-e-again] Resource temporarily unavailable, try again.) handshake: nil
gnutls: handshake: handshaking
... repeated a LOT ...
gnutls.el: (err=[gnutls-e-again] Resource temporarily unavailable, try again.) handshake: nil
gnutls: handshake: handshaking [2 times]
gnutls.el: (err=[gnutls-e-again] Resource temporarily unavailable, try again.) handshake: nil
gnutls: handshake: handshaking
gnutls.el: (err=[-9] A TLS packet with unexpected length was received.) handshake: nil
Ouch, error return -9 (A TLS packet with unexpected length was received.)
nil
Mark set [2 times]


Ted



