[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local net
From: |
Robert Pluim |
Subject: |
Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks |
Date: |
Mon, 16 Jul 2018 18:23:21 +0200 |
Eli Zaretskii <address@hidden> writes:
>> From: Robert Pluim <address@hidden>
>> Date: Mon, 16 Jul 2018 15:34:35 +0200
>> Cc: address@hidden
>>
>> Eli, I see thereʼs a sys_getaddrinfo in w32.c, is something needed
>> to get emacs to use that on MS-Windows?
>
> No, you don't need anything special. nt/inc/socket.h redirects
> getaddrinfo into sys_getaddrinfo, and all our C sources see the
> redirection.
Thanks. I always forget how the nt stuff works.
>> +DEFUN ("get-address-info", Fget_address_info, Sget_address_info, 1, 2, 0,
>> + doc: /* Look up ip address info of NAME.
>> +Optional parameter FAMILY controls whether to look up IPv4 or IPv6
>> +addresses. The default of nil means look up both, symbol `ipv4' means
>> +IPv4 only, symbol `ipv6' mean IPv6 only. Returns a list of addresses,
>> +or nil if none were found. */)
>
> This doc string doesn't tell that each address is a vector or a
> string.
Yes. Iʼm waiting for Jimmy to tell me if the format works for him,
then Iʼll document whatever we end up with (and it can currently only
return a vector, and includes a port, which is probably not needed).
>> + if (EQ (family, Qipv4))
>> + hints.ai_family = AF_INET;
>> +#ifdef AF_INET6
>> + if (EQ (family, Qipv6))
>> + hints.ai_family = AF_INET6;
>> +#endif
>
> Should we signal an error if 'ipv6' is requested on a system that
> doesn't support that?
Iʼd be more inclined to return nil in that case. The effect is the
same, and the caller doesnʼt need to do redundant error handling.
>> + ret = getaddrinfo (SSDATA (name), NULL, &hints, &res);
>
> You should encode NAME (using ENCODE_SYSTEM), because it could include
> non-ASCII characters. In general, any Lisp string should be encoded
> before you can pass its data to a C library function.
>
My understanding is that this API only supports ASCII anyway. For
internationalized domain names you'd need to use puny-code (and we
donʼt currently use ENCODE_SYSTEM when calling getaddrinfo elsewhere).
> Thanks.
>
> P.S. This needs a NEWS entry, at the very least, and perhaps also an
> update for the ELisp manual.
Both, for sure.
Robert
- Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks, Robert Pluim, 2018/07/15
- Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks, Jimmy Yuen Ho Wong, 2018/07/15
- Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks, Eli Zaretskii, 2018/07/16
- Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks, Robert Pluim, 2018/07/17
- Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks, Eli Zaretskii, 2018/07/17
- Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks, Robert Pluim, 2018/07/17
- Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks, Robert Pluim, 2018/07/17
- Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks, Eli Zaretskii, 2018/07/17
- Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks, Robert Pluim, 2018/07/17
- Re: netsec 682578f 4/6: Add option to bypass NSM TLS checks on local networks, Jimmy Yuen Ho Wong, 2018/07/16