From: claudio.bley@gmail.com (Claudio Bley)
To: emacs-devel@gnu.org
Subject: Re: [PATCH] GnuTLS support on Woe32
Date: Mon, 07 Mar 2011 22:03:46 +0100 [thread overview]
Message-ID: <87ipvuwslp.wl%claudio.bley@gmail.com> (raw)
In-Reply-To: <83oc5ogp89.fsf@gnu.org> <pknsjuzs7bk.fsf@this.is.really.invalid> <pkntyffyztj.fsf@this.is.really.invalid>
At Sun, 06 Mar 2011 18:58:46 +0200,
Eli Zaretskii wrote:
>
> > From: claudio.bley@gmail.com (Claudio Bley)
> > Date: Sun, 06 Mar 2011 16:16:34 +0100
> >
> > Please find attached a patch which makes building Emacs with GnuTLS
> > support on Woe32 possible.
>
> Thanks.
>
> I have a few initial comments, based on reading through the patch.
I'll try to answer as best as I can...
> > --- lisp/gnus/starttls.el 2011-01-25 04:08:28 +0000
> > +++ lisp/gnus/starttls.el 2011-03-06 14:57:51 +0000
> > @@ -195,37 +195,46 @@
> > :type 'regexp
> > :group 'starttls)
> >
> > +(eval-and-compile
> > + (when (fboundp 'gnutls-boot) (require 'gnutls)))
>
> Can you explain why are these fboundp calls needed?
I want to detect whether the current Emacs instance has been built
with GnuTLS support. If so, load gnutls, otherwise use the old
starttls / gnutls-cli approach.
> > --- lisp/net/gnutls.el 2011-01-25 04:08:28 +0000
> > +++ lisp/net/gnutls.el 2011-03-06 14:57:51 +0000
> > @@ -78,7 +78,8 @@
> > KEYFILES is a list of client keys."
> > (let* ((type (or type 'gnutls-x509pki))
> > (trustfiles (or trustfiles
> > - '("/etc/ssl/certs/ca-certificates.crt")))
> > + (when (file-exists-p "/etc/ssl/certs/ca-certificates.crt")
> > + '("/etc/ssl/certs/ca-certificates.crt"))))
>
> Can a file name that starts with a slash work reliably on Windows?
[A] No. It will refer to the drive of CWD. This was just a fix I dropped
in because on Windows there usually is no /etc directory at all and
hence the function failed when passing nil or '() as argument.
The parameter probably should be tri-state: use a default value, use
the given trustfiles or use no trustfiles at all.
> > +2011-03-06 Claudio Bley <claudio.bley@gmail.com>
> > +
> > + * configure.bat: New options --without-gnutls and --lib, new build
> > + variable USER_LIBS, automatically detect GnuTLS.
> > + * INSTALL: Add instructions for GnuTLS support.
> > + * gmake.defs: Prefix USER_LIB's with -l.
>
> Why do we need the --lib switch? We don't require it for any other
> optional libraries. Can we arrange for GnuTLS support configury to
> work like the other optional libraries?
The difference is that the other libraries are not linked implicitly
but explicitly / dynamically at runtime.
Of course, one could also do this for GnuTLS, but that would need some
refactoring.
Furthermore, using --lib you may easily choose whether to link GnuTLS
statically or as a DLL.
> > +* Optional GnuTLS support
> > +
> > + To build Emacs with GnuTLS support, make sure that the
> > + gnutls/gnutls.h header file can be found in the include path and
> > + link to the appropriate libraries (e.g. gnutls.dll and gcrypt.dll)
> > + using the --lib option.
>
> Is it possible to mention here good sites to look for the GnuTLS
> header and libraries?
Sure.
> > +#ifdef WINDOWSNT
> > +# include "sys/socket.h"
> > +# include "systime.h"
> > +
> > +/* we need to translate Winsock errors because GnuTLS only checks
> > + * for EAGAIN or EINTR */
> > +static int
> > +wsaerror_to_errno(int err)
> > +{
> > + switch (err)
> > + {
> > + case WSAEWOULDBLOCK:
> > + return EAGAIN;
> > + case WSAEINTR:
> > + return EINTR;
> > + default:
> > + return err;
> > + }
> > +}
>
> Why is this function needed? Can you extend w32.c:set_errno instead
> (if it doesn't already support all the values of WSA* errors that you
> need)?
Yes, I could extend w32.c:set_errno, if I move the Windows-specific
function to w32.c proper...
> > +static ssize_t
> > +emacs_gnutls_pull(gnutls_transport_ptr_t p, void* buf, size_t sz)
>
> Can we move the Windows-specific functions to w32.c, and only call
> them from gnutls.c? I think we want to keep the Windows-related code
> outside w32*.c to the bare minimum.
OK.
> > + /* On Windows we cannot transfer socket handles between
> > + * different runtime libraries.
> > + *
> > + * We must handle reading / writing ourselves.
> > + */
>
> This is not the Emacs style of comments.
OK.
> > - ret = gnutls_handshake (state);
> > + do
> > + {
> > + ret = gnutls_handshake (state);
> > + emacs_gnutls_handle_error (state, ret);
> > + }
> > + while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
>
> This change is not Windows-specific. What problem(s) does it solve,
> and are those problems relevant to platforms other than Windows?
According to GnuTLS documentation, one should retry calling
gnutls_handshake until it returns 0 (and no fatal error occurred of
course).
For non-blocking sockets handshaking could fail with various non-fatal
errors (e.g. EAGAIN).
> > + else
> > + {
> > + gnutls_alert_send_appropriate (state, ret);
> > + }
> > + return ret;
>
> Likewise here.
This is for alarm handling. If the TLS Server sends an alarm, the
client should react appropriately.
> > - return (bytes_written ? bytes_written : -1);
> > + {
> > + emacs_gnutls_handle_error (state, rtnval);
> > +
> > + return (bytes_written ? bytes_written : -1);
> > + }
>
> And here. Why do you introduce emacs_gnutls_handle_error?
That function is just a convenience to report errors using
message(). I copied this function shamelessly from gnutls/src/cli.c,
BTW.
> > --- src/process.c 2011-02-18 17:37:30 +0000
> > +++ src/process.c 2011-03-06 14:57:51 +0000
> > @@ -4785,6 +4785,21 @@
> > &Available,
> > (check_write ? &Writeok : (SELECT_TYPE *)0),
> > (SELECT_TYPE *)0, &timeout);
> > +
> > +#ifdef HAVE_GNUTLS
> > + /*
> > + * GnuTLS buffers data internally. In lowat mode it leaves some data
> > + * in the TCP buffers so that select works, but with custom pull/push
> > + * functions we need to check if some data is available in the buffers
> > + * manually.
> > + */
> > + if (nfds == 0 && wait_proc && wait_proc->gnutls_p
> > + && gnutls_record_check_pending(wait_proc->gnutls_state) > 0)
> > + {
> > + FD_SET (wait_proc->infd, &Available);
> > + nfds = 1;
> > + }
> > +#endif
>
> Is this for Windows only? If so, please mention that in a comment.
> If not, what problems does it solve on other platforms?
I'm not quite sure. Quoting the GnuTLS manual
(http://www.gnu.org/software/gnutls/manual/html_node/The-transport-layer.html):
For non blocking sockets or other custom made pull/push functions the
gnutls_transport_set_lowat must be called, with a zero low water mark
value.
AFAIU, this means that if using non-blocking sockets (which Emacs does
on other platforms I guess?) you would need to check for pending data
in the GnuTLS buffers or else Emacs might hang, waiting for data on
the socket which will never arrive because it was already transferred
to the internal buffers.
> Last, but not least: I don't see your name on file with the FSF
> copyright assignments. A contribution of this size will require you
> to sign legal papers.
OK, I'll see to get this done.
At Mon, 07 Mar 2011 08:44:47 +0100,
Robert Pluim wrote:
>
> >> --- lisp/gnus/starttls.el 2011-01-25 04:08:28 +0000
> >> +++ lisp/gnus/starttls.el 2011-03-06 14:57:51 +0000
> >> @@ -195,37 +195,46 @@
> >> :type 'regexp
> >> :group 'starttls)
> >>
> >> +(eval-and-compile
> >> + (when (fboundp 'gnutls-boot) (require 'gnutls)))
> >
> > Can you explain why are these fboundp calls needed?
> >
>
> Please don't install this bit of the patch. Builtin TLS support builds
> on my platform, but doesn't actually work, so forcing it to be used
> would not be good for me.
Why do you build it if you know it doesn't work?
Anyway, that is a bug which should be fixed.
At Mon, 07 Mar 2011 11:44:56 +0100,
Robert Pluim wrote:
> I modify that comment: builtin TLS support works for me if I set
> 'trustfiles' to nil in gnutls-negotiate, instead of
> "/etc/ssl/certs/ca-certificates.crt", which I don't have. What is that
> file, and why do I need it all of a sudden? (builtin TLS worked fine for
> me several months ago).
That issue would be fixed by part [A] of the patch (see above).
- Claudio
next prev parent reply other threads:[~2011-03-07 21:03 UTC|newest]
Thread overview: 142+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-06 15:16 [PATCH] GnuTLS support on Woe32 Claudio Bley
2011-03-06 16:58 ` Eli Zaretskii
2011-03-07 7:44 ` Robert Pluim
2011-03-07 10:44 ` Robert Pluim
2011-03-07 11:04 ` Ted Zlatanov
2011-03-07 12:03 ` Robert Pluim
2011-03-07 21:03 ` Claudio Bley [this message]
2011-03-08 8:29 ` Robert Pluim
2011-03-08 8:59 ` Eli Zaretskii
2011-03-08 9:11 ` Robert Pluim
2011-03-08 9:14 ` Lars Magne Ingebrigtsen
2011-03-08 9:29 ` Eli Zaretskii
2011-03-09 21:12 ` Claudio Bley
2011-03-12 12:48 ` Eli Zaretskii
2011-03-13 13:53 ` Claudio Bley
2011-03-13 18:41 ` Eli Zaretskii
2011-03-14 7:43 ` Claudio Bley
2011-03-14 19:16 ` Ted Zlatanov
2011-03-15 7:57 ` Claudio Bley
2011-03-15 9:24 ` Ted Zlatanov
2011-03-20 21:41 ` Claudio Bley
2011-03-22 3:20 ` Ted Zlatanov
2011-03-22 5:40 ` Stefan Monnier
2011-03-22 13:03 ` Ted Zlatanov
2011-03-22 16:19 ` Robert Pluim
2011-03-22 16:50 ` Ted Zlatanov
2011-03-22 17:12 ` Robert Pluim
2011-03-22 17:57 ` Ted Zlatanov
2011-03-22 18:51 ` Stefan Monnier
2011-03-22 18:56 ` Robert Pluim
2011-03-22 21:18 ` Ted Zlatanov
2011-03-23 8:42 ` Robert Pluim
2011-03-22 18:50 ` Stefan Monnier
2011-03-22 21:14 ` Ted Zlatanov
2011-03-23 1:20 ` Stefan Monnier
2011-03-23 15:23 ` Ted Zlatanov
2011-03-23 17:50 ` Stefan Monnier
2011-03-23 20:57 ` Claudio Bley
2011-03-24 19:27 ` Ted Zlatanov
2011-03-24 20:07 ` Robert Pluim
2011-03-24 20:36 ` Ted Zlatanov
2011-03-25 13:46 ` Robert Pluim
2011-03-25 14:09 ` Ted Zlatanov
2011-04-04 9:58 ` Ted Zlatanov
2011-04-14 7:34 ` Deniz Dogan
2011-04-14 9:30 ` Ted Zlatanov
2011-04-15 18:14 ` Ted Zlatanov
2011-04-15 18:23 ` Eli Zaretskii
2011-04-15 22:47 ` Ted Zlatanov
2011-04-15 23:58 ` Richard Stallman
2011-04-16 0:46 ` Ted Zlatanov
2011-04-16 1:45 ` Lars Magne Ingebrigtsen
2011-04-18 15:51 ` Ted Zlatanov
2011-04-21 22:55 ` Ted Zlatanov
2011-04-22 7:07 ` Glenn Morris
2011-04-22 13:12 ` Ted Zlatanov
2011-04-25 1:35 ` Ted Zlatanov
2011-04-25 12:42 ` Christoph Scholtes
2011-04-25 12:49 ` Ted Zlatanov
2011-04-27 1:50 ` Christoph Scholtes
2011-04-27 3:35 ` Ted Zlatanov
2011-04-27 3:57 ` Christoph Scholtes
2011-04-27 4:13 ` open-network-stream problems on W32 (was: [PATCH] GnuTLS support on Woe32) Ted Zlatanov
2011-04-27 4:34 ` open-network-stream problems on W32 Christoph Scholtes
2011-05-02 18:37 ` Ted Zlatanov
2011-05-02 19:00 ` Ted Zlatanov
2011-05-02 19:15 ` Lars Magne Ingebrigtsen
2011-05-02 19:22 ` Ted Zlatanov
2011-05-05 3:47 ` Christoph Scholtes
2011-05-05 10:37 ` Eli Zaretskii
2011-05-05 12:27 ` Christoph Scholtes
2011-05-05 10:40 ` Ted Zlatanov
2011-04-27 12:19 ` [PATCH] GnuTLS support on Woe32 Juanma Barranquero
2011-05-02 16:20 ` Juanma Barranquero
2011-05-02 18:29 ` Ted Zlatanov
2011-05-02 19:00 ` Juanma Barranquero
2011-05-02 19:12 ` Ted Zlatanov
2011-05-02 19:38 ` Juanma Barranquero
2011-05-02 19:39 ` Juanma Barranquero
2011-05-02 19:47 ` Ted Zlatanov
2011-05-02 19:53 ` Juanma Barranquero
2011-05-02 21:16 ` Chong Yidong
2011-05-02 22:45 ` Lars Magne Ingebrigtsen
2011-05-02 23:05 ` Juanma Barranquero
2011-05-02 20:10 ` Tom Tromey
2011-05-02 20:14 ` Juanma Barranquero
2011-05-02 20:34 ` Eli Zaretskii
2011-05-02 22:46 ` Lars Magne Ingebrigtsen
2011-05-02 23:06 ` Juanma Barranquero
2011-05-02 19:14 ` Lars Magne Ingebrigtsen
2011-05-03 2:27 ` Juanma Barranquero
2011-05-03 4:19 ` Eli Zaretskii
2011-05-03 10:01 ` Juanma Barranquero
2011-05-03 16:47 ` Eli Zaretskii
2011-05-03 19:22 ` Juanma Barranquero
2011-05-03 23:08 ` Juanma Barranquero
2011-05-04 3:05 ` Eli Zaretskii
2011-05-04 3:26 ` Juanma Barranquero
2011-05-03 14:41 ` Ted Zlatanov
2011-05-03 18:32 ` Andreas Schwab
2011-05-03 18:44 ` Drew Adams
2011-05-03 21:28 ` Andreas Schwab
2011-05-03 19:15 ` Juanma Barranquero
2011-05-03 21:26 ` Andreas Schwab
2011-05-03 22:27 ` Juanma Barranquero
2011-05-04 7:50 ` Andreas Schwab
2011-05-04 8:38 ` Juanma Barranquero
2011-05-04 9:04 ` David Kastrup
2011-05-04 11:31 ` Juanma Barranquero
2011-05-04 5:36 ` David Kastrup
2011-05-03 19:35 ` Juanma Barranquero
2011-05-03 19:49 ` Ted Zlatanov
2011-05-03 19:53 ` Juanma Barranquero
2011-05-04 1:30 ` Juanma Barranquero
2011-05-04 1:56 ` Ted Zlatanov
2011-05-04 3:25 ` Juanma Barranquero
2011-05-04 9:33 ` Ted Zlatanov
2011-05-04 10:00 ` Eli Zaretskii
2011-05-04 11:35 ` Juanma Barranquero
2011-03-23 12:25 ` Ted Zlatanov
2011-03-23 13:14 ` Robert Pluim
2011-03-23 14:58 ` Ted Zlatanov
2011-03-23 15:10 ` Robert Pluim
2011-03-23 15:49 ` Ted Zlatanov
2011-03-23 20:50 ` Claudio Bley
2011-03-23 21:55 ` Stefan Monnier
2011-03-24 15:49 ` GNU coding standard highlighting rules (was: [PATCH] GnuTLS support on Woe32) Ted Zlatanov
2011-03-27 21:47 ` GNU coding standard highlighting rules Stefan Monnier
2011-03-28 19:28 ` Ted Zlatanov
2011-03-23 18:05 ` [PATCH] GnuTLS support on Woe32 Ted Zlatanov
2011-03-07 11:14 ` Eli Zaretskii
2011-03-07 12:00 ` Robert Pluim
2011-03-07 16:34 ` Lars Magne Ingebrigtsen
2011-03-07 21:33 ` Claudio Bley
2011-03-08 9:16 ` Lars Magne Ingebrigtsen
2011-03-09 21:29 ` Claudio Bley
2011-03-09 21:33 ` Lars Magne Ingebrigtsen
2011-03-10 8:54 ` POP3 UIDL - pop3-leave-mail-on-server (was: [PATCH] GnuTLS support on Woe32) Reiner Steib
2011-03-15 16:08 ` POP3 UIDL - pop3-leave-mail-on-server Lars Magne Ingebrigtsen
2011-03-15 17:49 ` chad
2011-03-08 3:26 ` [PATCH] GnuTLS support on Woe32 Ted Zlatanov
2011-03-09 21:26 ` Claudio Bley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ipvuwslp.wl%claudio.bley@gmail.com \
--to=claudio.bley@gmail.com \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).