Re: Testing the gnutls support

[Ted Zlatanov]

On Sat, 09 Oct 2010 15:56:04 +0200 Lars Magne Ingebrigtsen <address@hidden> 
wrote: 

LMI> Eli Zaretskii <address@hidden> writes:
>>> Debugger entered--Lisp error: (file-error "writing to process" "interrupted 
>>> system call" #<process http<1>>)
>>> process-send-string(#<process http<1>> "GET /market.php HTTP/1.0.\n.\n")
>> 
>> That's strange.  process-send-string calls emacs_write to write to the
>> process, but emacs_write already handles EINTR, by retrying the write
>> which failed.  So why does this signal raise a Lisp error?

LMI> This is in emacs_gnutls_write, not emacs_write.  But thanks for the
LMI> tip -- it was indeed faulty EINTR handling.  I've now peeked at the
LMI> gnutls documentation and changed it to use the proper EINTR handling it
LMI> needs, and it seems to work in my test cases now.

Wonderful.  Thanks for fixing the gnutls-boot plist symbols, too.

I had a long conversation (er, mostly monologue) with the GnuTLS guys
about the right way to set up callbacks and verification.  So:

1) we should be verifying the host name matches the certificate--but
should this be done in gnutls.el or gnutls.c?

2) we should set up a verification callback (but this is not available
in mainstream Debian/Ubuntu yet, since it's new in 2.10).  In the
callback we should let the user accept an invalid certificate.  I'd like
to defer this until 2.10 is in the Debian mainstream.

3) We should give users a way to accept certificates.  Right now they
can pass a list of trust file names themselves but I think this should
be a more general facility.

Ted