emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: url library and GnuTLS, and Emacs-issued certificates


From: Chong Yidong
Subject: Re: url library and GnuTLS, and Emacs-issued certificates
Date: Thu, 24 Mar 2011 14:42:29 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux)

Lars Magne Ingebrigtsen <address@hidden> writes:

> tls.el is quite simple.  You start openssl/gnutls-cli as a subprocess
> with the correct parameters, parse the output slightly, and then talk
> over the socket.
>
> starttls.el is a bit different.  You call `open-starttls-stream', which
> starts gnutls-cli in unencrypted mode.  Then you do protocol-specific
> things to see whether the server supports STARTTLS.  If it does, you
> issue the commands necessary for the server to start talking TLS.  You
> then call `startls-negotiate' which sends a signal to gnutls-cli which
> makes gnutls-cli go to encrypted mode, parses the output from
> gnutls-cli, and returns the status of the now-encrypted socket.

I see.  Thanks for the explanation.  A couple more questions:

How about gnutls.el?  If I understand correctly, open-gnutls-stream
works just like open-tls-stream, except it uses the gnutls library
directly instead of using a command line client---and it does not
support the mode of operation provided in starttls.el.  Correct?

Also, does this mean it's impossible to use open-tls-stream and
open-gnutls-stream to opportunistically open a TLS stream?  I see that
proto-stream.el, in `network' mode, opens a connection using
starttls-open-stream and then uses gnutls-negotiate from gnutls.el to do
the negotiation; what's the advantage of doing this?



reply via email to

[Prev in Thread] Current Thread [Next in Thread]