From: Eric Marsden
Newsgroups: gmane.emacs.devel
Subject: ALPN support for GnuTLS connections
Date: Sun, 29 Sep 2024 10:23:17 +0200
Message-ID: <7f11f60c-37da-4123-ae5b-98c79a132bb1@risk-engineering.org>
To: emacs-devel@gnu.org

Hello,

The GnuTLS support in Emacs does not seem to support the TLS extension Application Layer Protocol Negotiation (ALPN). ALPN is no longer just useful for faster TLS handshakes (in HTTP/2, for example); it is mandatory in certain uses of TLS. The GnuTLS library does support ALPN (since 2013, it seems).

My understanding is that definitions for the two functions described here would need to be added to gnutls.c:

https://www.gnutls.org/manual/html_node/Application-Layer-Protocol-Negotiation-_0028ALPN_0029.html

Use case: the recent 17.0 release of PostgreSQL has added a "direct TLS" connection mode which requires ALPN. Some hosted PostgreSQL providers only offer direct TLS connections (I presume this allows them to use standard TLS gateways). I would like to allow connections to these services using the pg-el library (https://github.com/emarsden/pg-el), which implements the PostgreSQL wire protocol.
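
What "requires ALPN" means on the wire, as an added example that is not part of the original message and is not Emacs or GnuTLS code: the client's protocol list in the RFC 7301 format, and the strict check a server applies to it before accepting the connection. The function names alpn_encode and alpn_offers are hypothetical, and the protocol name "postgresql" is an assumption the message does not state.

```c
/* Added example (not Emacs or GnuTLS code). RFC 7301 ProtocolNameList: uint16
   total length, then (uint8 length, name) entries. "postgresql" is assumed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Client side: encode n names into out. Returns bytes written, 0 on error. */
size_t alpn_encode(const char *const *names, size_t n, uint8_t *out, size_t cap)
{
    size_t pos = 2;
    if (cap < 2) return 0;
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(names[i]);
        if (len == 0 || len > 255 || len + 1 > cap - pos) return 0;
        out[pos++] = (uint8_t)len;
        memcpy(out + pos, names[i], len);
        pos += len;
    }
    if (pos == 2 || pos - 2 > 0xFFFF) return 0;   /* empty list or too long */
    out[0] = (uint8_t)((pos - 2) >> 8);
    out[1] = (uint8_t)((pos - 2) & 0xFF);
    return pos;
}

/* Server side: 1 if the list offers `want`; 0 if well-formed but without it
   (TLS alert no_application_protocol, 120); -1 if malformed (decode_error). */
int alpn_offers(const uint8_t *list, size_t len, const char *want)
{
    size_t wlen = strlen(want), pos = 2;
    int found = 0;
    if (len < 4 || (((size_t)list[0] << 8) | list[1]) != len - 2) return -1;
    while (pos < len) {
        size_t n = list[pos++];
        if (n == 0 || n > len - pos) return -1;   /* empty or truncated name */
        if (n == wlen && memcmp(list + pos, want, n) == 0) found = 1;
        pos += n;
    }
    return found;
}

int main(void)
{
    const char *pg[] = { "postgresql" }, *web[] = { "h2", "http/1.1" };
    uint8_t a[64], b[64];
    size_t na = alpn_encode(pg, 1, a, sizeof a), nb = alpn_encode(web, 2, b, sizeof b);
    printf("pg client: %d, web client: %d\n",
           alpn_offers(a, na, "postgresql"), alpn_offers(b, nb, "postgresql"));
    return 0;
}
```

A client whose TLS layer cannot send this extension at all, which is the situation the message describes, never reaches the matching step.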