Re: url library and GnuTLS, and Emacs-issued certificates
From: Chong Yidong
Subject: Re: url library and GnuTLS, and Emacs-issued certificates
Date: Thu, 24 Mar 2011 14:42:29 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux)

Lars Magne Ingebrigtsen <address@hidden> writes:
> tls.el is quite simple. You start openssl/gnutls-cli as a subprocess
> with the correct parameters, parse the output slightly, and then talk
> over the socket.
>
> starttls.el is a bit different. You call `open-starttls-stream', which
> starts gnutls-cli in unencrypted mode. Then you do protocol-specific
> things to see whether the server supports STARTTLS. If it does, you
> issue the commands necessary for the server to start talking TLS. You
> then call `starttls-negotiate' which sends a signal to gnutls-cli which
> makes gnutls-cli go to encrypted mode, parses the output from
> gnutls-cli, and returns the status of the now-encrypted socket.

I see. Thanks for the explanation. A couple more questions:

How about gnutls.el? If I understand correctly, open-gnutls-stream
works just like open-tls-stream, except it uses the gnutls library
directly instead of using a command line client---and it does not
support the mode of operation provided in starttls.el. Correct?

Also, does this mean it's impossible to use open-tls-stream and
open-gnutls-stream to opportunistically open a TLS stream? I see that
proto-stream.el, in `network' mode, opens a connection using
starttls-open-stream and then uses gnutls-negotiate from gnutls.el to do
the negotiation; what's the advantage of doing this?