From: Chong Yidong
Newsgroups: gmane.emacs.devel
Subject: Re: url library and GnuTLS, and Emacs-issued certificates
Date: Wed, 23 Mar 2011 17:51:18 -0400
Message-ID: <87ei5xo695.fsf@stupidchicken.com>
In-Reply-To: (Lars Magne Ingebrigtsen's message of "Wed, 23 Mar 2011 20:20:36 +0100")
To: emacs-devel@gnu.org

Lars Magne Ingebrigtsen writes:

>> we should merge net/tls.el and gnus/starttls.el; those two packages
>> appear to be duplicates.
>
> Well, they aren't duplicates per se. tls.el does straight up TLS, while
> starttls.el does STARTTLS. The way starttls.el interfaces with the
> external programs is pretty hairy (doing some unencrypted traffic, then
> sending a signal to the program, and then doing encrypted traffic), and
> probably deserves its own elisp file, I think.

Could you explain in more detail? What I see is this:

  ;;; tls.el --- TLS/SSL support via wrapper around GnuTLS
  ...
  ;; This package implements a simple wrapper around "gnutls-cli" to
  ;; make Emacs support TLS/SSL.
  ...
  (defun open-tls-stream (name buffer host port)
    "Open a TLS connection for a port to a host.
  Returns a subprocess-object to represent the connection.
  ..

  ;;; starttls.el --- STARTTLS functions
  ...
  ;; This file now contains a combination of the two previous
  ;; implementations both called "starttls.el". The first one is Daiki
  ;; Ueno's starttls.el which uses his own "starttls" command line tool,
  ;; and the second one is Simon Josefsson's starttls.el which uses
  ;; "gnutls-cli" from GNUTLS.
  ...
  (defun starttls-open-stream (name buffer host port)
    "Open a TLS connection for a port to a host.
  Returns a subprocess object to represent the connection.
  ...

Both use the gnutls-cli command tool (though starttls.el apparently
supports starttls too), and both implement a wrapper around
open-network-stream. "Unnecessary duplication" is surely the natural
reaction...