diff options
| author | Ted Zlatanov | 2010-09-26 01:06:28 -0500 |
|---|---|---|
| committer | Ted Zlatanov | 2010-09-26 01:06:28 -0500 |
| commit | 8af55556e6cc093641dde5205aa5e295039b809f (patch) | |
| tree | 2f0bebd6d170687acc470e4a1a030abd18daf651 /lisp | |
| parent | 8ccbef23ea624d892bada3c66ef2339ada342997 (diff) | |
| download | emacs-8af55556e6cc093641dde5205aa5e295039b809f.tar.gz emacs-8af55556e6cc093641dde5205aa5e295039b809f.zip | |
Set up GnuTLS support.
* configure.in: Set up GnuTLS.
* lisp/net/gnutls.el: GnuTLS glue code to set up a connection.
* src/Makefile.in (LIBGNUTLS_LIBS, LIBGNUTLS_CFLAGS, ALL_CFLAGS)
(obj, LIBES): Set up GnuTLS support.
* src/config.in: Set up GnuTLS support.
* src/emacs.c: Set up GnuTLS support and call syms_of_gnutls.
* src/gnutls.c: The source code for GnuTLS support in Emacs.
* src/gnutls.h: The GnuTLS glue for Emacs, macros and enums.
* src/process.c (make_process, Fstart_process)
(read_process_output, send_process): Set up GnuTLS support for
process input/output file descriptors.
* src/process.h: Set up GnuTLS support.
Diffstat (limited to 'lisp')
| -rw-r--r-- | lisp/ChangeLog | 4 | ||||
| -rw-r--r-- | lisp/net/gnutls.el | 128 |
2 files changed, 132 insertions, 0 deletions
diff --git a/lisp/ChangeLog b/lisp/ChangeLog index 4840bc4b13b..827c27b315c 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog | |||
| @@ -1,3 +1,7 @@ | |||
| 1 | 2010-09-26 Teodor Zlatanov <tzz@lifelogs.com> | ||
| 2 | |||
| 3 | * net/gnutls.el: GnuTLS glue code to set up a connection. | ||
| 4 | |||
| 1 | 2010-09-25 Julien Danjou <julien@danjou.info> | 5 | 2010-09-25 Julien Danjou <julien@danjou.info> |
| 2 | 6 | ||
| 3 | * notifications.el: Call dbus-register-signal only if it is bound. | 7 | * notifications.el: Call dbus-register-signal only if it is bound. |
diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el new file mode 100644 index 00000000000..b4fa4f08385 --- /dev/null +++ b/lisp/net/gnutls.el | |||
| @@ -0,0 +1,128 @@ | |||
| 1 | ;;; gnutls.el --- Support SSL and TLS connections through GnuTLS | ||
| 2 | ;; Copyright (C) 2010 Free Software Foundation, Inc. | ||
| 3 | |||
| 4 | ;; Author: Ted Zlatanov <tzz@lifelogs.com> | ||
| 5 | ;; Keywords: comm, tls, ssl, encryption | ||
| 6 | ;; Originally-By: Simon Josefsson (See http://josefsson.org/emacs-security/) | ||
| 7 | |||
| 8 | ;; This file is part of GNU Emacs. | ||
| 9 | |||
| 10 | ;; GNU Emacs is free software: you can redistribute it and/or modify | ||
| 11 | ;; it under the terms of the GNU General Public License as published by | ||
| 12 | ;; the Free Software Foundation, either version 3 of the License, or | ||
| 13 | ;; (at your option) any later version. | ||
| 14 | |||
| 15 | ;; GNU Emacs is distributed in the hope that it will be useful, | ||
| 16 | ;; but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 17 | ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| 18 | ;; GNU General Public License for more details. | ||
| 19 | |||
| 20 | ;; You should have received a copy of the GNU General Public License | ||
| 21 | ;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. | ||
| 22 | |||
| 23 | ;;; Commentary: | ||
| 24 | |||
| 25 | ;; This package provides language bindings for the GnuTLS library | ||
| 26 | ;; using the corresponding core functions in gnutls.c. | ||
| 27 | |||
| 28 | ;; Simple test: | ||
| 29 | ;; | ||
| 30 | ;; (setq jas (open-ssl-stream "ssl" (current-buffer) "www.pdc.kth.se" 443)) | ||
| 31 | ;; (process-send-string jas "GET /\r\n\r\n") | ||
| 32 | |||
| 33 | ;;; Code: | ||
| 34 | |||
| 35 | (defun open-ssl-stream (name buffer host service) | ||
| 36 | "Open a SSL connection for a service to a host. | ||
| 37 | Returns a subprocess-object to represent the connection. | ||
| 38 | Input and output work as for subprocesses; `delete-process' closes it. | ||
| 39 | Args are NAME BUFFER HOST SERVICE. | ||
| 40 | NAME is name for process. It is modified if necessary to make it unique. | ||
| 41 | BUFFER is the buffer (or `buffer-name') to associate with the process. | ||
| 42 | Process output goes at end of that buffer, unless you specify | ||
| 43 | an output stream or filter function to handle the output. | ||
| 44 | BUFFER may be also nil, meaning that this process is not associated | ||
| 45 | with any buffer | ||
| 46 | Third arg is name of the host to connect to, or its IP address. | ||
| 47 | Fourth arg SERVICE is name of the service desired, or an integer | ||
| 48 | specifying a port number to connect to." | ||
| 49 | (let ((proc (open-network-stream name buffer host service))) | ||
| 50 | (starttls-negotiate proc nil 'gnutls-x509pki))) | ||
| 51 | |||
| 52 | ;; (open-ssl-stream "tls" "tls-buffer" "yourserver.com" "https") | ||
| 53 | (defun starttls-negotiate (proc &optional priority-string | ||
| 54 | credentials credentials-file) | ||
| 55 | "Negotiate a SSL or TLS connection. | ||
| 56 | PROC is the process returned by `starttls-open-stream'. | ||
| 57 | PRIORITY-STRING is as per the GnuTLS docs. | ||
| 58 | CREDENTIALS is `gnutls-x509pki' or `gnutls-anon'. | ||
| 59 | CREDENTIALS-FILE is a filename with meaning dependent on CREDENTIALS." | ||
| 60 | (let* ((credentials (or credentials 'gnutls-x509pki)) | ||
| 61 | (credentials-file (or credentials-file | ||
| 62 | "/etc/ssl/certs/ca-certificates.crt" | ||
| 63 | ;"/etc/ssl/certs/ca.pem" | ||
| 64 | )) | ||
| 65 | |||
| 66 | (priority-string (or priority-string | ||
| 67 | (cond | ||
| 68 | ((eq credentials 'gnutls-anon) | ||
| 69 | "NORMAL:+ANON-DH:!ARCFOUR-128") | ||
| 70 | ((eq credentials 'gnutls-x509pki) | ||
| 71 | "NORMAL")))) | ||
| 72 | ret) | ||
| 73 | |||
| 74 | (gnutls-message-maybe | ||
| 75 | (setq ret (gnutls-boot proc priority-string credentials credentials-file)) | ||
| 76 | "boot: %s") | ||
| 77 | |||
| 78 | (when (gnutls-errorp ret) | ||
| 79 | (error "Could not boot GnuTLS for this process")); | ||
| 80 | |||
| 81 | (let ((ret 'gnutls-e-again) | ||
| 82 | (n 25000)) | ||
| 83 | (while (and (not (gnutls-error-fatalp ret)) | ||
| 84 | (> n 0)) | ||
| 85 | (decf n) | ||
| 86 | (gnutls-message-maybe | ||
| 87 | (setq ret (gnutls-handshake proc)) | ||
| 88 | "handshake: %s") | ||
| 89 | ;(debug "handshake ret" ret (gnutls-error-string ret))) | ||
| 90 | ) | ||
| 91 | (if (gnutls-errorp ret) | ||
| 92 | (progn | ||
| 93 | (message "Ouch, error return %s (%s)" | ||
| 94 | ret (gnutls-error-string ret)) | ||
| 95 | (setq proc nil)) | ||
| 96 | (message "Handshake complete %s." ret))) | ||
| 97 | proc)) | ||
| 98 | |||
| 99 | (defun starttls-open-stream (name buffer host service) | ||
| 100 | "Open a TLS connection for a service to a host. | ||
| 101 | Returns a subprocess-object to represent the connection. | ||
| 102 | Input and output work as for subprocesses; `delete-process' closes it. | ||
| 103 | Args are NAME BUFFER HOST SERVICE. | ||
| 104 | NAME is name for process. It is modified if necessary to make it unique. | ||
| 105 | BUFFER is the buffer (or `buffer-name') to associate with the process. | ||
| 106 | Process output goes at end of that buffer, unless you specify | ||
| 107 | an output stream or filter function to handle the output. | ||
| 108 | BUFFER may be also nil, meaning that this process is not associated | ||
| 109 | with any buffer | ||
| 110 | Third arg is name of the host to connect to, or its IP address. | ||
| 111 | Fourth arg SERVICE is name of the service desired, or an integer | ||
| 112 | specifying a port number to connect to." | ||
| 113 | (open-network-stream name buffer host service)) | ||
| 114 | |||
| 115 | (defun gnutls-message-maybe (doit format &rest params) | ||
| 116 | "When DOIT, message with the caller name followed by FORMAT on PARAMS." | ||
| 117 | ;; (apply 'debug format (or params '(nil))) | ||
| 118 | (when (gnutls-errorp doit) | ||
| 119 | (message "%s: (err=[%s] %s) %s" | ||
| 120 | "gnutls.el" | ||
| 121 | doit (gnutls-error-string doit) | ||
| 122 | (apply 'format format (or params '(nil)))))) | ||
| 123 | |||
| 124 | (provide 'ssl) | ||
| 125 | (provide 'gnutls) | ||
| 126 | (provide 'starttls) | ||
| 127 | |||
| 128 | ;;; gnutls.el ends here | ||