Re: need help with certificate bundles for ALL the platforms Emacs suppo

From: Ted Zlatanov
Subject: Re: need help with certificate bundles for ALL the platforms Emacs supports
Date: Sun, 12 Feb 2012 17:13:25 -0500
User-agent: Gnus/5.130002 (Ma Gnus v0.2) Emacs/24.0.93 (gnu/linux)

On Fri, 10 Feb 2012 13:57:18 -0500 Stefan Monnier <address@hidden> wrote: 

>> Maintainers: can I change gnutls.el to provide a customizable
>> `gnutls-trustfiles' and to probe these file locations or would you
>> consider that a new feature that has to wait?

SM> I think it's OK to install now, but please show us the patch for
SM> confirmation,

No ChangeLog yet, just the code.  It's pretty simple.

`gnutls-flatten-list' seems like a nice general utility, maybe it
already exists?


=== modified file 'lisp/net/gnutls.el'
--- lisp/net/gnutls.el  2012-02-12 21:40:25 +0000
+++ lisp/net/gnutls.el  2012-02-12 22:11:53 +0000
@@ -51,6 +51,22 @@
   :type '(choice (const nil)
+(defcustom gnutls-trustfiles '(
+                               ;; Debian, Ubuntu, Gentoo and Arch Linux
+                               "/etc/ssl/certs/ca-certificates.crt"
+                               ;; Fedora and RHEL
+                               "/etc/pki/tls/certs/ca-bundle.crt"
+                               ;; Suse
+                               "/etc/ssl/ca-bundle.pem"
+                               )
+  "List of functions or filenames yielding CA bundle locations.
+The files may be in PEM or DER format, as per the GnuTLS documentation.
+The files may not exist, in which case they will be ignored.
+Functions will be called and may return a filename or a list of filenames."
+  :group 'gnutls
+  :type '(repeat (choice (function :tag "Function")
+                         (file :tag "Bundle filename"))))
 (defcustom gnutls-min-prime-bits nil
   "The minimum number of bits to be used in Diffie-Hellman key exchange.
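Review bot: the docstring sentence "The files may not exist, in which case they will be ignored" in `gnutls-trustfiles` can be read as a prohibition; "Files that do not exist are ignored" says what is meant. Since function entries are called and their return values are used as CA bundle paths, the docstring should state that everything in this list becomes a source of trusted CAs. A `:version` tag on the new defcustom is also missing. The default list covers only the GNU/Linux locations named in its comments, so the other platforms in the subject line remain unhandled by the defaults.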
@@ -156,10 +172,14 @@
 It must be omitted, a number, or nil; if omitted or nil it
 defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT."
   (let* ((type (or type 'gnutls-x509pki))
-         (default-trustfile "/etc/ssl/certs/ca-certificates.crt")
          (trustfiles (or trustfiles
-                         (when (file-exists-p default-trustfile)
-                           (list default-trustfile))))
+                         (delq nil
+                               (mapcar (lambda (f) (and f (file-exists-p f) f))
+                                       (gnutls-flatten-list
+                                        (mapcar (lambda (tf) (if (functionp tf)
+                                                            (funcall tf)
+                                                          tf))
+                                                gnutls-trustfiles))))))
          (priority-string (or priority-string
                                ((eq type 'gnutls-anon)
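Review bot: when none of the candidates exists, the `delq`/`mapcar` expression leaves `trustfiles` nil without any message, so the code proceeds with no CA bundle and the user gets no hint why; a warning that names the probed paths would help. In the same lambda, `(and f (file-exists-p f) f)` hands whatever a function entry returned to `file-exists-p`, which signals an error on a non-string value; checking `(stringp f)` first and using `file-readable-p` would make the probe robust. Every existing file is kept, not only the first match, so the resulting trust set is the union of all bundles found; if that is intended, the docstring of `gnutls-trustfiles` should say so.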
@@ -203,6 +223,17 @@
              doit (gnutls-error-string doit)
              (apply 'format format (or params '(nil))))))
+;; copied from `eshell-flatten-list'
+(defun gnutls-flatten-list (args)
+  "Flatten any lists within ARGS, so that there are no sublists."
+  (let ((new-list (list t)))
+    (dolist (a args)
+      (if (and (listp a)
+               (listp (cdr a)))
+          (nconc new-list (eshell-flatten-list a))
+        (nconc new-list (list a))))
+    (cdr new-list)))
 (provide 'gnutls)
 ;;; gnutls.el ends here
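Review bot: the recursive call inside `gnutls-flatten-list` still names `eshell-flatten-list`, and nothing in the visible lines requires eshell, so a function entry that returns a list can hit a void-function error unless eshell happens to be loaded. The line `(nconc new-list (eshell-flatten-list a))` should call `gnutls-flatten-list` instead. The "copied from" comment could then note that the copy exists to avoid that dependency.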
