Doc fixes and refactorings based on comments from Eli Zaretskii

* doc/lispref/processes.texi (Network Processes): Clarify the meaning of :tls-parameters. * lisp/net/gnutls.el (open-gnutls-stream): Clarify :nowait. * lisp/net/gnutls.el (gnutls-boot-parameters): Factor out into own function. (gnutls-negotiate): Use it. (open-gnutls-stream): Ditto. * src/eval.c (vformat_string): Refactor out the printing bits from verror. (verror): Use it. * src/gnutls.c (boot_error): Mark failed processes with the real error message. * src/lisp.h: Declare vformat_string.
author: Lars Ingebrigtsen 2016-02-03 12:43:24 +1100
committer: Lars Ingebrigtsen 2016-02-03 12:43:24 +1100
commit: 894e21df1e1a38244ad0c8179adf4b632b25a592 (patch)
tree: f866b91e463d951061fc331249700740e179603b /lisp/net
parent: eb597d40950d0b8f126641bf458af28fcab150d5 (diff)
download: emacs-894e21df1e1a38244ad0c8179adf4b632b25a592.tar.gz
emacs-894e21df1e1a38244ad0c8179adf4b632b25a592.zip
2 files changed, 86 insertions, 72 deletions
diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el
index 8db665400eb..8db3450308d 100644
--- a/lisp/net/gnutls.el
+++ b/lisp/net/gnutls.el
@@ -110,7 +110,8 @@ Third arg is name of the host to connect to, or its IP address.
 Fourth arg SERVICE is name of the service desired, or an integer
 specifying a port number to connect to.
 Fifth arg NOWAIT (which is optional) means that the socket should
-be opened asynchronously.
+be opened asynchronously.  The connection process will be
+returned to the caller before TLS negotiation has happened.
 Usage example:
@@ -129,12 +130,13 @@ trust and key files, and priority string."
                  :nowait nowait
                  :tls-parameters
                  (and nowait
-                       (gnutls-negotiate :type 'gnutls-x509pki
+                       (cons 'gnutls-x509pki
-                                         :return-keywords t
+                             (gnutls-boot-parameters
-                                         :hostname host)))))
+                              :type 'gnutls-x509pki
+                              :hostname host))))))
    (if nowait
        process
-      (gnutls-negotiate :process (open-network-stream name buffer host service)
+      (gnutls-negotiate :process process
                        :type 'gnutls-x509pki
                        :hostname host))))
@@ -149,14 +151,48 @@ trust and key files, and priority string."
           &key process type hostname priority-string
           trustfiles crlfiles keylist min-prime-bits
           verify-flags verify-error verify-hostname-error
-           return-keywords
           &allow-other-keys)
  "Negotiate a SSL/TLS connection.  Returns proc.  Signals gnutls-error.
-Note arguments are passed CL style, :type TYPE instead of just TYPE.
+Note that arguments are passed CL style, :type TYPE instead of just TYPE.
-TYPE is `gnutls-x509pki' (default) or `gnutls-anon'.  Use nil for the default.
 PROCESS is a process returned by `open-network-stream'.
+For the meaning of the rest of the parameters, see `gnutls-boot-parameters'."
+  (let* ((type (or type 'gnutls-x509pki))
+         ;; The gnutls library doesn't understand files delivered via
+         ;; the special handlers, so ignore all files found via those.
+         (file-name-handler-alist nil)
+         (params (gnutls-boot-parameters
+                  :type type
+                  :hostname hostname
+                  :priority-string priority-string
+                  :trustfiles trustfiles
+                  :crlfiles crlfiles
+                  :keylist keylist
+                  :min-prime-bits min-prime-bits
+                  :verify-flags verify-flags
+                  :verify-error verify-error
+                  :verify-hostname-error verify-hostname-error))
+         ret)
+    (gnutls-message-maybe
+     (setq ret (gnutls-boot process type params))
+     "boot: %s" params)
+    (when (gnutls-errorp ret)
+      ;; This is a error from the underlying C code.
+      (signal 'gnutls-error (list process ret)))
+    process))
+(cl-defun gnutls-boot-parameters
+    (&rest spec
+           &key type hostname priority-string
+           trustfiles crlfiles keylist min-prime-bits
+           verify-flags verify-error verify-hostname-error
+           &allow-other-keys)
+  "Return a keyword list of parameters suitable for passing to `gnutls-boot'.
+TYPE is `gnutls-x509pki' (default) or `gnutls-anon'.  Use nil for the default.
 HOSTNAME is the remote hostname.  It must be a valid string.
 PRIORITY-STRING is as per the GnuTLS docs, default is \"NORMAL\".
 TRUSTFILES is a list of CA bundles.  It defaults to `gnutls-trustfiles'.
@@ -201,71 +237,48 @@ here's a recent version of the list.
    GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 256
 It must be omitted, a number, or nil; if omitted or nil it
-defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
+defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT."
+  (let ((trustfiles (or trustfiles (gnutls-trustfiles)))
-If RETURN-KEYWORDS, don't connect to anything, but just return
+        (priority-string (or priority-string
-the computed parameters that we otherwise would be calling
+                             (cond
-gnutls-boot with.  The return value will be a list where the
+                              ((eq type 'gnutls-anon)
-first element is the TLS type, and the rest of the list consists
+                               "NORMAL:+ANON-DH:!ARCFOUR-128")
-of the keywords."
+                              ((eq type 'gnutls-x509pki)
-  (let* ((type (or type 'gnutls-x509pki))
+                               (if gnutls-algorithm-priority
-         ;; The gnutls library doesn't understand files delivered via
+                                   (upcase gnutls-algorithm-priority)
-         ;; the special handlers, so ignore all files found via those.
+                                 "NORMAL")))))
-         (file-name-handler-alist nil)
+        (verify-error (or verify-error
-         (trustfiles (or trustfiles (gnutls-trustfiles)))
+                          ;; this uses the value of `gnutls-verify-error'
-         (priority-string (or priority-string
+                          (cond
-                              (cond
+                           ;; if t, pass it on
-                               ((eq type 'gnutls-anon)
+                           ((eq gnutls-verify-error t)
-                                "NORMAL:+ANON-DH:!ARCFOUR-128")
+                            t)
-                               ((eq type 'gnutls-x509pki)
+                           ;; if a list, look for hostname matches
-                                (if gnutls-algorithm-priority
+                           ((listp gnutls-verify-error)
-                                    (upcase gnutls-algorithm-priority)
+                            (apply 'append
-                                  "NORMAL")))))
+                                   (mapcar
-         (verify-error (or verify-error
+                                    (lambda (check)
-                           ;; this uses the value of `gnutls-verify-error'
+                                      (when (string-match (nth 0 check)
-                           (cond
+                                                          hostname)
-                            ;; if t, pass it on
+                                        (nth 1 check)))
-                            ((eq gnutls-verify-error t)
+                                    gnutls-verify-error)))
-                             t)
+                           ;; else it's nil
-                            ;; if a list, look for hostname matches
+                           (t nil))))
-                            ((listp gnutls-verify-error)
+        (min-prime-bits (or min-prime-bits gnutls-min-prime-bits)))
-                             (apply 'append
-                                    (mapcar
-                                     (lambda (check)
-                                       (when (string-match (nth 0 check)
-                                                           hostname)
-                                         (nth 1 check)))
-                                     gnutls-verify-error)))
-                            ;; else it's nil
-                            (t nil))))
-         (min-prime-bits (or min-prime-bits gnutls-min-prime-bits))
-         params ret)
    (when verify-hostname-error
      (push :hostname verify-error))
-    (setq params `(:priority ,priority-string
+    `(:priority ,priority-string
-                             :hostname ,hostname
+                :hostname ,hostname
-                             :loglevel ,gnutls-log-level
+                :loglevel ,gnutls-log-level
-                             :min-prime-bits ,min-prime-bits
+                :min-prime-bits ,min-prime-bits
-                             :trustfiles ,trustfiles
+                :trustfiles ,trustfiles
-                             :crlfiles ,crlfiles
+                :crlfiles ,crlfiles
-                             :keylist ,keylist
+                :keylist ,keylist
-                             :verify-flags ,verify-flags
+                :verify-flags ,verify-flags
-                             :verify-error ,verify-error
+                :verify-error ,verify-error
-                             :callbacks nil))
+                :callbacks nil)))
-    (if return-keywords
-        (cons type params)
-      (gnutls-message-maybe
-       (setq ret (gnutls-boot process type params))
-       "boot: %s" params)
-      (when (gnutls-errorp ret)
-        ;; This is a error from the underlying C code.
-        (signal 'gnutls-error (list process ret)))
-      process)))
 (defun gnutls-trustfiles ()
  "Return a list of usable trustfiles."
diff --git a/lisp/net/network-stream.el b/lisp/net/network-stream.el
index acbdb7a71b2..4925805a32e 100644
--- a/lisp/net/network-stream.el
+++ b/lisp/net/network-stream.el
@@ -140,9 +140,10 @@ a greeting from the server.
 asynchronously, if possible.
 :tls-parameters is a list that should be supplied if you're
-opening a TLS connection.  The first element is the TLS type, and
+opening a TLS connection.  The first element is the TLS
-the remaining elements should be a keyword list accepted by
+type (either `gnutls-x509pki' or `gnutls-anon'), and the
-gnutls-boot."
+remaining elements should be a keyword list accepted by
+gnutls-boot (as returned by `gnutls-boot-parameters')."
  (unless (featurep 'make-network-process)
    (error "Emacs was compiled without networking support"))
  (let ((type (plist-get parameters :type))
author	Lars Ingebrigtsen	2016-02-03 12:43:24 +1100
committer	Lars Ingebrigtsen	2016-02-03 12:43:24 +1100
commit	894e21df1e1a38244ad0c8179adf4b632b25a592 (patch)
tree	f866b91e463d951061fc331249700740e179603b /lisp/net
parent	eb597d40950d0b8f126641bf458af28fcab150d5 (diff)
download	emacs-894e21df1e1a38244ad0c8179adf4b632b25a592.tar.gz emacs-894e21df1e1a38244ad0c8179adf4b632b25a592.zip

diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el index 8db665400eb..8db3450308d 100644 --- a/lisp/net/gnutls.el +++ b/lisp/net/gnutls.el
@@ -110,7 +110,8 @@ Third arg is name of the host to connect to, or its IP address.
110	Fourth arg SERVICE is name of the service desired, or an integer	110	Fourth arg SERVICE is name of the service desired, or an integer
111	specifying a port number to connect to.	111	specifying a port number to connect to.
112	Fifth arg NOWAIT (which is optional) means that the socket should	112	Fifth arg NOWAIT (which is optional) means that the socket should
113	be opened asynchronously.	113	be opened asynchronously. The connection process will be
		114	returned to the caller before TLS negotiation has happened.
114		115
115	Usage example:	116	Usage example:
116		117
@@ -129,12 +130,13 @@ trust and key files, and priority string."
129	:nowait nowait	130	:nowait nowait
130	:tls-parameters	131	:tls-parameters
131	(and nowait	132	(and nowait
132	(gnutls-negotiate :type 'gnutls-x509pki	133	(cons 'gnutls-x509pki
133	:return-keywords t	134	(gnutls-boot-parameters
134	:hostname host)))))	135	:type 'gnutls-x509pki
		136	:hostname host))))))
135	(if nowait	137	(if nowait
136	process	138	process
137	(gnutls-negotiate :process (open-network-stream name buffer host service)	139	(gnutls-negotiate :process process
138	:type 'gnutls-x509pki	140	:type 'gnutls-x509pki
139	:hostname host))))	141	:hostname host))))
140		142
@@ -149,14 +151,48 @@ trust and key files, and priority string."
149	&key process type hostname priority-string	151	&key process type hostname priority-string
150	trustfiles crlfiles keylist min-prime-bits	152	trustfiles crlfiles keylist min-prime-bits
151	verify-flags verify-error verify-hostname-error	153	verify-flags verify-error verify-hostname-error
152	return-keywords
153	&allow-other-keys)	154	&allow-other-keys)
154	"Negotiate a SSL/TLS connection. Returns proc. Signals gnutls-error.	155	"Negotiate a SSL/TLS connection. Returns proc. Signals gnutls-error.
155		156
156	Note arguments are passed CL style, :type TYPE instead of just TYPE.	157	Note that arguments are passed CL style, :type TYPE instead of just TYPE.
157		158
158	TYPE is `gnutls-x509pki' (default) or `gnutls-anon'. Use nil for the default.
159	PROCESS is a process returned by `open-network-stream'.	159	PROCESS is a process returned by `open-network-stream'.
		160	For the meaning of the rest of the parameters, see `gnutls-boot-parameters'."
		161	(let* ((type (or type 'gnutls-x509pki))
		162	;; The gnutls library doesn't understand files delivered via
		163	;; the special handlers, so ignore all files found via those.
		164	(file-name-handler-alist nil)
		165	(params (gnutls-boot-parameters
		166	:type type
		167	:hostname hostname
		168	:priority-string priority-string
		169	:trustfiles trustfiles
		170	:crlfiles crlfiles
		171	:keylist keylist
		172	:min-prime-bits min-prime-bits
		173	:verify-flags verify-flags
		174	:verify-error verify-error
		175	:verify-hostname-error verify-hostname-error))
		176	ret)
		177	(gnutls-message-maybe
		178	(setq ret (gnutls-boot process type params))
		179	"boot: %s" params)
		180
		181	(when (gnutls-errorp ret)
		182	;; This is a error from the underlying C code.
		183	(signal 'gnutls-error (list process ret)))
		184
		185	process))
		186
		187	(cl-defun gnutls-boot-parameters
		188	(&rest spec
		189	&key type hostname priority-string
		190	trustfiles crlfiles keylist min-prime-bits
		191	verify-flags verify-error verify-hostname-error
		192	&allow-other-keys)
		193	"Return a keyword list of parameters suitable for passing to `gnutls-boot'.
		194
		195	TYPE is `gnutls-x509pki' (default) or `gnutls-anon'. Use nil for the default.
160	HOSTNAME is the remote hostname. It must be a valid string.	196	HOSTNAME is the remote hostname. It must be a valid string.
161	PRIORITY-STRING is as per the GnuTLS docs, default is \"NORMAL\".	197	PRIORITY-STRING is as per the GnuTLS docs, default is \"NORMAL\".
162	TRUSTFILES is a list of CA bundles. It defaults to `gnutls-trustfiles'.	198	TRUSTFILES is a list of CA bundles. It defaults to `gnutls-trustfiles'.
@@ -201,71 +237,48 @@ here's a recent version of the list.
201	GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 256	237	GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 256
202		238
203	It must be omitted, a number, or nil; if omitted or nil it	239	It must be omitted, a number, or nil; if omitted or nil it
204	defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.	240	defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT."
205		241	(let ((trustfiles (or trustfiles (gnutls-trustfiles)))
206	If RETURN-KEYWORDS, don't connect to anything, but just return	242	(priority-string (or priority-string
207	the computed parameters that we otherwise would be calling	243	(cond
208	gnutls-boot with. The return value will be a list where the	244	((eq type 'gnutls-anon)
209	first element is the TLS type, and the rest of the list consists	245	"NORMAL:+ANON-DH:!ARCFOUR-128")
210	of the keywords."	246	((eq type 'gnutls-x509pki)
211	(let* ((type (or type 'gnutls-x509pki))	247	(if gnutls-algorithm-priority
212	;; The gnutls library doesn't understand files delivered via	248	(upcase gnutls-algorithm-priority)
213	;; the special handlers, so ignore all files found via those.	249	"NORMAL")))))
214	(file-name-handler-alist nil)	250	(verify-error (or verify-error
215	(trustfiles (or trustfiles (gnutls-trustfiles)))	251	;; this uses the value of `gnutls-verify-error'
216	(priority-string (or priority-string	252	(cond
217	(cond	253	;; if t, pass it on
218	((eq type 'gnutls-anon)	254	((eq gnutls-verify-error t)
219	"NORMAL:+ANON-DH:!ARCFOUR-128")	255	t)
220	((eq type 'gnutls-x509pki)	256	;; if a list, look for hostname matches
221	(if gnutls-algorithm-priority	257	((listp gnutls-verify-error)
222	(upcase gnutls-algorithm-priority)	258	(apply 'append
223	"NORMAL")))))	259	(mapcar
224	(verify-error (or verify-error	260	(lambda (check)
225	;; this uses the value of `gnutls-verify-error'	261	(when (string-match (nth 0 check)
226	(cond	262	hostname)
227	;; if t, pass it on	263	(nth 1 check)))
228	((eq gnutls-verify-error t)	264	gnutls-verify-error)))
229	t)	265	;; else it's nil
230	;; if a list, look for hostname matches	266	(t nil))))
231	((listp gnutls-verify-error)	267	(min-prime-bits (or min-prime-bits gnutls-min-prime-bits)))
232	(apply 'append
233	(mapcar
234	(lambda (check)
235	(when (string-match (nth 0 check)
236	hostname)
237	(nth 1 check)))
238	gnutls-verify-error)))
239	;; else it's nil
240	(t nil))))
241	(min-prime-bits (or min-prime-bits gnutls-min-prime-bits))
242	params ret)
243		268
244	(when verify-hostname-error	269	(when verify-hostname-error
245	(push :hostname verify-error))	270	(push :hostname verify-error))
246		271
247	(setq params `(:priority ,priority-string	272	`(:priority ,priority-string
248	:hostname ,hostname	273	:hostname ,hostname
249	:loglevel ,gnutls-log-level	274	:loglevel ,gnutls-log-level
250	:min-prime-bits ,min-prime-bits	275	:min-prime-bits ,min-prime-bits
251	:trustfiles ,trustfiles	276	:trustfiles ,trustfiles
252	:crlfiles ,crlfiles	277	:crlfiles ,crlfiles
253	:keylist ,keylist	278	:keylist ,keylist
254	:verify-flags ,verify-flags	279	:verify-flags ,verify-flags
255	:verify-error ,verify-error	280	:verify-error ,verify-error
256	:callbacks nil))	281	:callbacks nil)))
257
258	(if return-keywords
259	(cons type params)
260	(gnutls-message-maybe
261	(setq ret (gnutls-boot process type params))
262	"boot: %s" params)
263
264	(when (gnutls-errorp ret)
265	;; This is a error from the underlying C code.
266	(signal 'gnutls-error (list process ret)))
267
268	process)))
269		282
270	(defun gnutls-trustfiles ()	283	(defun gnutls-trustfiles ()
271	"Return a list of usable trustfiles."	284	"Return a list of usable trustfiles."


diff --git a/lisp/net/network-stream.el b/lisp/net/network-stream.el index acbdb7a71b2..4925805a32e 100644 --- a/lisp/net/network-stream.el +++ b/lisp/net/network-stream.el
@@ -140,9 +140,10 @@ a greeting from the server.
140	asynchronously, if possible.	140	asynchronously, if possible.
141		141
142	:tls-parameters is a list that should be supplied if you're	142	:tls-parameters is a list that should be supplied if you're
143	opening a TLS connection. The first element is the TLS type, and	143	opening a TLS connection. The first element is the TLS
144	the remaining elements should be a keyword list accepted by	144	type (either `gnutls-x509pki' or `gnutls-anon'), and the
145	gnutls-boot."	145	remaining elements should be a keyword list accepted by
		146	gnutls-boot (as returned by `gnutls-boot-parameters')."
146	(unless (featurep 'make-network-process)	147	(unless (featurep 'make-network-process)
147	(error "Emacs was compiled without networking support"))	148	(error "Emacs was compiled without networking support"))
148	(let ((type (plist-get parameters :type))	149	(let ((type (plist-get parameters :type))