From: Ted Zlatanov <tzz@lifelogs.com>
To: emacs-devel@gnu.org
Subject: Re: using GnuTLS 3.x and certificate checks
Date: Mon, 07 Oct 2013 18:24:39 -0400 [thread overview]
Message-ID: <87pprgzplk.fsf@flea.lifelogs.com> (raw)
In-Reply-To: 877gi7wfr7.fsf@lifelogs.com
[-- Attachment #1: Type: text/plain, Size: 1058 bytes --]
On Wed, 05 Jun 2013 11:13:18 -0400 Ted Zlatanov <tzz@lifelogs.com> wrote:
TZ> Without comments, I will assume a general OK on these two things:
TZ> - move to the GnuTLS 3.x API and require that version of the libraries.
Related to this discussion and to bug#14774 (audit_log function, which
is only in GnuTLS 3.x)...
I found that many platforms are still on GnuTLS 2.x. Unfortunately I
think we should keep compatibility with 2.x for a while longer and make
the 3.x features optional. I hate that ambiguity and testing is made
harder, but OTOH we would keep supporting many users.
Here's a simple patch that finds GnuTLS 3.x and sets HAVE_GNUTLS3. In
that case we set the audit_log function; otherwise we keep
compatibility. Note the configure message that GnuTLS 3.x is highly
recommended.
Let me know what you think and if I should be more forceful here. If I
should keep the compatibility path I will also add a
`gnutls-library-version' string variable so ELisp code can use it and
start moving on the tasks listed in this thread.
Thanks
Ted
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: gnutlsv3.patch --]
[-- Type: text/x-diff, Size: 3889 bytes --]
=== modified file 'configure.ac'
--- configure.ac 2013-09-25 03:44:34 +0000
+++ configure.ac 2013-10-07 21:11:24 +0000
@@ -2425,12 +2425,18 @@
AC_SUBST(LIBSELINUX_LIBS)
HAVE_GNUTLS=no
+HAVE_GNUTLS3=no
if test "${with_gnutls}" = "yes" ; then
PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 2.6.6], HAVE_GNUTLS=yes, HAVE_GNUTLS=no)
+ PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 3.0.0], HAVE_GNUTLS3=yes, HAVE_GNUTLS3=no)
if test "${HAVE_GNUTLS}" = "yes"; then
AC_DEFINE(HAVE_GNUTLS, 1, [Define if using GnuTLS.])
fi
+ if test "${HAVE_GNUTLS3}" = "yes"; then
+ AC_DEFINE(HAVE_GNUTLS3, 1, [Define if using GnuTLS v3.])
+ fi
+
# Windows loads GnuTLS dynamically
if test "${opsys}" = "mingw32"; then
LIBGNUTLS_LIBS=
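Review bot: The added `PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 3.0.0], ...)` reuses the `LIBGNUTLS` prefix of the 2.6.6 check on the line above it, so both probes share the `LIBGNUTLS_CFLAGS` and `LIBGNUTLS_LIBS` output variables. With some pkg.m4 versions a call that finds those variables already set takes them as given and skips the version query, which would report HAVE_GNUTLS3=yes against a 2.x library; this is worth confirming on a 2.x host. A separate prefix removes the ambiguity: `PKG_CHECK_MODULES([LIBGNUTLS3], [gnutls >= 3.0.0], HAVE_GNUTLS3=yes, HAVE_GNUTLS3=no)`. The `if test "${with_gnutls}"` block continues past the end of the hunk.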
@@ -4934,6 +4940,7 @@
echo " Does Emacs use access control lists? ${acl_summary}"
echo " Does Emacs use -lselinux? ${HAVE_LIBSELINUX}"
echo " Does Emacs use -lgnutls? ${HAVE_GNUTLS}"
+echo " Does Emacs use -lgnutls v3 (HIGHLY RECOMMENDED)? ${HAVE_GNUTLS3}"
echo " Does Emacs use -lxml2? ${HAVE_LIBXML2}"
echo " Does Emacs use -lfreetype? ${HAVE_FREETYPE}"
=== modified file 'src/gnutls.c'
--- src/gnutls.c 2013-01-02 16:13:04 +0000
+++ src/gnutls.c 2013-10-07 22:14:55 +0000
@@ -55,6 +55,7 @@
static Lisp_Object QCgnutls_bootprop_callbacks_verify;
static void gnutls_log_function (int, const char *);
+static void gnutls_audit_log_function (gnutls_session_t, const char *);
static void gnutls_log_function2 (int, const char*, const char*);
\f
@@ -108,6 +109,9 @@
DEF_GNUTLS_FN (int, gnutls_error_is_fatal, (int));
DEF_GNUTLS_FN (int, gnutls_global_init, (void));
DEF_GNUTLS_FN (void, gnutls_global_set_log_function, (gnutls_log_func));
+#ifdef HAVE_GNUTLS3
+DEF_GNUTLS_FN (void, gnutls_global_set_audit_log_function, (gnutls_audit_log_func));
+#endif
DEF_GNUTLS_FN (void, gnutls_global_set_log_level, (int));
DEF_GNUTLS_FN (void, gnutls_global_set_mem_functions,
(gnutls_alloc_function, gnutls_alloc_function,
@@ -173,6 +177,9 @@
LOAD_GNUTLS_FN (library, gnutls_error_is_fatal);
LOAD_GNUTLS_FN (library, gnutls_global_init);
LOAD_GNUTLS_FN (library, gnutls_global_set_log_function);
+#ifdef HAVE_GNUTLS3
+ LOAD_GNUTLS_FN (library, gnutls_global_set_audit_log_function);
+#endif
LOAD_GNUTLS_FN (library, gnutls_global_set_log_level);
LOAD_GNUTLS_FN (library, gnutls_global_set_mem_functions);
LOAD_GNUTLS_FN (library, gnutls_handshake);
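Review bot: HAVE_GNUTLS3 is fixed at configure time, but this loader resolves symbols from whichever GnuTLS DLL is present at run time, so a binary built against 3.x headers can meet a 2.x DLL that has no `gnutls_global_set_audit_log_function`. The definition of LOAD_GNUTLS_FN is outside the hunk; if it treats a missing symbol as a failed library load, this one optional symbol would turn TLS off entirely on such a system. Resolving the audit symbol with a non-fatal lookup, and skipping the registration when the pointer is null, would keep the 2.x fallback working for dynamically loaded builds too. The matching DEF_GNUTLS_FN hunk above and the call site in the last hunk are affected in the same way, and the loading function's body starts and ends outside this hunk.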
@@ -230,6 +237,9 @@
#define fn_gnutls_error_is_fatal gnutls_error_is_fatal
#define fn_gnutls_global_init gnutls_global_init
#define fn_gnutls_global_set_log_function gnutls_global_set_log_function
+#ifdef HAVE_GNUTLS3
+#define fn_gnutls_global_set_audit_log_function gnutls_global_set_audit_log_function
+#endif
#define fn_gnutls_global_set_log_level gnutls_global_set_log_level
#define fn_gnutls_global_set_mem_functions gnutls_global_set_mem_functions
#define fn_gnutls_handshake gnutls_handshake
@@ -249,6 +259,16 @@
#endif /* !WINDOWSNT */
\f
+/* Function to log a simple audit message. */
+static void
+gnutls_audit_log_function (gnutls_session_t session, const char* string)
+{
+ if (global_gnutls_log_level >= 1)
+ {
+ message ("gnutls.c: [audit] %s", string);
+ }
+}
+
/* Function to log a simple message. */
static void
gnutls_log_function (int level, const char* string)
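Review bot: `gnutls_audit_log_function` discards every audit message while `global_gnutls_log_level` is below 1, although GnuTLS uses the audit callback for security-relevant events (its documentation mentions possible protocol attacks) rather than for debug tracing. Tying it to the debug verbosity makes those events invisible in a normal session; consider emitting them unconditionally with `message ("gnutls.c: [audit] %s", string);` or gating them on a dedicated setting. The function and its prototype near the top of the file are also outside `#ifdef HAVE_GNUTLS3`, so a 2.x build carries an unused static function; wrapping both in the same guard avoids the warning. The `session` argument is unused, and per the GnuTLS documentation it can be null, so it should be checked before any future use.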
@@ -797,6 +817,9 @@
if (TYPE_RANGED_INTEGERP (int, loglevel))
{
fn_gnutls_global_set_log_function (gnutls_log_function);
+#ifdef HAVE_GNUTLS3
+ fn_gnutls_global_set_audit_log_function (gnutls_audit_log_function);
+#endif
fn_gnutls_global_set_log_level (XINT (loglevel));
max_log_level = XINT (loglevel);
XPROCESS (proc)->gnutls_log_level = max_log_level;
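Review bot: The audit callback is registered only inside the `TYPE_RANGED_INTEGERP (int, loglevel)` branch, so a connection that is set up without an integer log level never installs it. If audit events are meant to be reported independently of debug logging, the `#ifdef HAVE_GNUTLS3` call should move out of this branch to wherever the library's global initialisation is done. The enclosing function starts and ends outside the hunk, so that location is not visible here and needs checking against the full file.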