Re: url library and GnuTLS, and Emacs-issued certificates

From: Lars Magne Ingebrigtsen
Subject: Re: url library and GnuTLS, and Emacs-issued certificates
Date: Thu, 24 Mar 2011 20:45:26 +0100
Chong Yidong <address@hidden> writes:

> How about gnutls.el?  If I understand correctly, open-gnutls-stream
> works just like open-tls-stream, except it uses the gnutls library
> directly instead of using a command line client---and it does not
> support the mode of operation provided in starttls.el.  Correct?

No, with gnutls.c, we just open a normal network stream (with
`open-network-stream'), and then if it turns out that the server
supports STARTTLS, we just put the server in STARTTLS mode and then
issue a `gnutls-negotiate' call.

> Also, does this mean it's impossible to use open-tls-stream and
> open-gnutls-stream to opportunistically open a TLS stream?  I see that
> proto-stream.el, in `network' mode, opens a connection using
> starttls-open-stream and then uses gnutls-negotiate from gnutls.el to do
> the negotiation; what's the advantage of doing this?

Looking at the code in `proto-stream-open-network', I can see why you
think it's doing that, but it's not.  I hope.  :-)  That function is
somewhat hairy because of all the combinations in the
matrix, as well as error handling...

But for the "gnutls where the server supports STARTTLS and there are no
errors" case, it should just be doing

(defun proto-stream-open-network (name buffer host service parameters)


         (stream (open-network-stream name buffer host service))


            ;; The server said it was OK to start doing STARTTLS negotiations.
            (if (fboundp 'open-gnutls-stream)
                (gnutls-negotiate stream nil)

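The sequence Lars describes (plain `open-network-stream`, check that the server offers STARTTLS, switch the server into STARTTLS mode, then hand the socket to GnuTLS) written out by hand for IMAP, as an added example that is neither the code from this message nor the Emacs `proto-stream.el` implementation. It uses the keyword form of `gnutls-negotiate` from later Emacs releases rather than the positional `(gnutls-negotiate stream nil)` quoted above, and the `example-` function names, the tags `a000`/`a001`, the ten-second timeout and the `:verify-error t` policy are this example's own choices. One deliberate difference from an "opportunistic" upgrade: when the server does not advertise STARTTLS, or rejects it, the function closes the connection and signals an error instead of continuing in plaintext, which is what a client needs if a STARTTLS-stripping network position is in its threat model.

```elisp
;; Added example: hand-rolled IMAP STARTTLS upgrade, not code from the
;; original message or from Emacs.  Assumes an Emacs built with GnuTLS
;; support and the keyword form of `gnutls-negotiate'.
(require 'gnutls)

(defun example-imap-wait (proc tag)
  "Wait until the tagged reply to TAG from the server is in PROC's buffer.
Return the status word (\"OK\", \"NO\" or \"BAD\"), or nil on EOF/timeout."
  (let ((re (concat "^" (regexp-quote tag) " \\(OK\\|NO\\|BAD\\)\\b"))
        (deadline (+ (float-time) 10))   ; assumed 10 s timeout
        status)
    (with-current-buffer (process-buffer proc)
      (while (and (not status)
                  (process-live-p proc)
                  (< (float-time) deadline))
        (goto-char (point-min))
        (if (re-search-forward re nil t)
            (setq status (match-string 1))
          (accept-process-output proc 1))))
    status))

(defun example-imap-starttls (host &optional port)
  "Open a plain IMAP connection to HOST and upgrade it with STARTTLS.
Signal an error, rather than fall back to plaintext, if the upgrade fails.
Return the process with TLS already negotiated."
  (unless (gnutls-available-p)
    (error "This Emacs was built without GnuTLS support"))
  (let* ((buf (generate-new-buffer " *imap-starttls*"))
         (proc (open-network-stream "imap" buf host (or port 143))))
    (set-process-query-on-exit-flag proc nil)
    ;; 1. Plaintext capability check: does the server offer STARTTLS?
    (process-send-string proc "a000 CAPABILITY\r\n")
    (unless (equal (example-imap-wait proc "a000") "OK")
      (delete-process proc)
      (error "CAPABILITY failed on %s" host))
    (unless (with-current-buffer buf
              (goto-char (point-min))
              (re-search-forward "\\bSTARTTLS\\b" nil t))
      ;; Refuse here instead of logging in over plaintext: a MITM that
      ;; strips STARTTLS from the capability list would otherwise win.
      (delete-process proc)
      (error "%s does not advertise STARTTLS; refusing plaintext session" host))
    ;; 2. Put the server into STARTTLS mode.
    (process-send-string proc "a001 STARTTLS\r\n")
    (unless (equal (example-imap-wait proc "a001") "OK")
      (delete-process proc)
      (error "STARTTLS rejected by %s" host))
    ;; 3. Hand the same socket to GnuTLS.  `:hostname' is what the peer
    ;;    certificate is matched against; `:verify-error t' makes a
    ;;    certificate that does not chain to a trusted CA or does not
    ;;    match HOST a hard error instead of a warning.
    (gnutls-negotiate :process proc
                      :type 'gnutls-x509pki
                      :hostname host
                      :verify-error t)
    proc))

;; Usage (interactive Emacs session, real IMAP server assumed):
;; (example-imap-starttls "imap.example.org")
```

After `gnutls-negotiate` returns, `process-send-string` and the process buffer keep working unchanged, but everything on the wire is now inside the TLS session; the `CAPABILITY` reply seen before the upgrade should be discarded and re-requested, since it was received in plaintext.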
