From: Michael Albinus
Newsgroups: gmane.emacs.devel
Subject: Re: master 344f769: Add support for using a TLS client certificate with 'erc-tls' (bug#47788)
Date: Mon, 10 May 2021 14:04:06 +0200
Message-ID: <87tunadccp.fsf@gmx.de>
References: <20210423002348.26304.26930@vcs0.savannah.gnu.org> <20210423002349.50D7F20D12@vcs0.savannah.gnu.org>
Cc: Amin Bandali
To: emacs-devel@gnu.org

bandali@gnu.org (Amin Bandali) writes:

Hi,

> diff --git a/doc/misc/erc.texi b/doc/misc/erc.texi > index d635cac..45a753d 100644 > --- a/doc/misc/erc.texi > +++ b/doc/misc/erc.texi > +@example > +(erc-tls :server "chat.freenode.net" :port 6697 > + :client-certificate t) > +@end example > + > +In the case of @code{:client-certificate t}, you will need to add a > +line like the following to your authinfo file > +(e.g. @file{~/.authinfo.gpg}): > + > +@example > +machine chat.freenode.net key /home/bandali/my-cert.key cert /home/bandali/my-cert.crt > +@end example > +@end defun

This explains the .authinfo/.netrc case. But auth-source knows more backends; how are they supported? I guess this question must be answered by the auth Info manual, so I would recommend a reference to that manual.

> diff --git a/etc/NEWS b/etc/NEWS > index 6fe4e98..34aeaf0 100644 > --- a/etc/NEWS
> +++ b/etc/NEWS > +To use a certificate with 'erc-tls', specify the ':client-certificate' > +optional parameter, whose value should be as described in the > +documentation of 'open-network-stream': if non-nil, it should either > +be a list where the first element is the file name of the private key > +corresponding to a client certificate and the second element is the > +file name of the client certificate itself to use when connecting over > +TLS, or t, which means that 'auth-source' will be queried for the > +private key and the certificate. > + > +Examples of use: > + > + (erc-tls :server "chat.freenode.net" :port 6697 > + :client-certificate > + '("/home/bandali/my-cert.key" > + "/home/bandali/my-cert.crt")) > + > + (erc-tls :server "chat.freenode.net" :port 6697 > + :client-certificate > + `(,(expand-file-name "~/cert-freenode.key") > + ,(expand-file-name "~/cert-freenode.crt"))) > + > + (erc-tls :server "chat.freenode.net" :port 6697 > + :client-certificate t) > + > +In the case of ':client-certificate t', you will need to add a line > +like the following to your authinfo file (e.g. "~/.authinfo.gpg"): > + > + machine chat.freenode.net key /home/bandali/my-cert.key cert /home/bandali/my-cert.crt

I believe this is too much / too detailed for etc/NEWS. A reference to the ERC Info manual would be better.

Best regards, Michael.
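
Review bot: In the doc/misc/erc.texi hunk, the authinfo example line (`machine chat.freenode.net key /home/bandali/my-cert.key cert /home/bandali/my-cert.crt`) records only the file names of the key and certificate, yet the surrounding sentence points at `~/.authinfo.gpg`, which can leave the reader thinking the private key is covered by that file's encryption. Consider adding one sentence after the `@example` saying that the authinfo entry holds paths only and that the key file named there has to be protected on its own, for example by being readable by the user alone.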
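
Review bot: The examples in the etc/NEWS hunk hard-code one developer's home directory (`"/home/bandali/my-cert.key"`, and again in the `machine chat.freenode.net key ...` line) and switch naming scheme to `"~/cert-freenode.key"` in the second form. Since the list form is positional (private key first, certificate second, as the paragraph above the examples states), neutral and consistent placeholder names such as a single `~/` based key and certificate pair would make the required order easier to see and copy without editing a user-specific path.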