From: Robert Pluim
Newsgroups: gmane.emacs.devel
Subject: Re: ALPN support for GnuTLS connections
Date: Mon, 30 Sep 2024 11:21:17 +0200
Message-ID: <87zfnp1oqa.fsf@gmail.com>
References: <7f11f60c-37da-4123-ae5b-98c79a132bb1@risk-engineering.org>
To: Eric Marsden
Cc: emacs-devel@gnu.org

>>>>> On Sun, 29 Sep 2024 10:23:17 +0200, Eric Marsden said:

    Eric> Hello,

    Eric> The GnuTLS support in Emacs does not seem to support the TLS extension
    Eric> Application Layer Protocol Negotiation (ALPN). ALPN is no longer just useful for
    Eric> faster TLS handshakes (in HTTP/2, for example); it is mandatory in certain uses
    Eric> of TLS.

    Eric> The GnuTLS library does support ALPN (since 2013, it seems). My understanding is
    Eric> that definitions for the two functions described here would need to be added to
    Eric> gnutls.c:

    Eric> https://www.gnutls.org/manual/html_node/Application-Layer-Protocol-Negotiation-_0028ALPN_0029.html

Why would we need the 'get' API? Did you want to be able to set the
GNUTLS_ALPN_MANDATORY flag and fail the connection?

For the 'set' I guess we could add a keyword parameter to
`gnutls-negotiate' and its callers, and pass that down to
`gnutls-boot-parameters'.

Robert
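
Added example, not part of the original message and not code from Emacs or GnuTLS: a dependency-free C model of the two halves discussed above, namely what a 'set' call places in the ClientHello (the RFC 7301 ProtocolNameList) and the check a caller can make once a 'get' call exposes the peer's selection. The function names, result codes and the `require` policy are assumptions of this example; it does not reproduce how GnuTLS implements GNUTLS_ALPN_MANDATORY.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum alpn_result { ALPN_OK = 0, ALPN_NONE = 1, ALPN_FAIL = -1 }; /* example's own codes */

/* 'set' side: encode the offer as an RFC 7301 ProtocolNameList (2-byte big-endian
   list length, then 1-byte length + name each). Returns bytes written, 0 on error. */
size_t alpn_encode_offer(const char *const *protos, size_t n,
                         uint8_t *out, size_t cap)
{
    size_t pos = 2;
    if (n == 0 || cap < 2) return 0;
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(protos[i]);
        /* names are 1..255 bytes; the whole list must fit the buffer and 16 bits */
        if (len == 0 || len > 255 || pos + 1 + len > cap ||
            pos - 1 + len > 0xFFFF)
            return 0;
        out[pos++] = (uint8_t)len;
        memcpy(out + pos, protos[i], len);
        pos += len;
    }
    out[0] = (uint8_t)((pos - 2) >> 8);
    out[1] = (uint8_t)((pos - 2) & 0xFF);
    return pos;
}

/* 'get' side: accept only a name that was offered. sel == NULL means the peer
   sent no ALPN at all; that is fatal only when the caller sets `require`. */
enum alpn_result alpn_check_selected(const char *const *offered, size_t n,
                                     const uint8_t *sel, size_t sel_len,
                                     int require)
{
    if (sel == NULL || sel_len == 0)
        return require ? ALPN_FAIL : ALPN_NONE;
    for (size_t i = 0; i < n; i++)
        if (strlen(offered[i]) == sel_len &&
            memcmp(offered[i], sel, sel_len) == 0)
            return ALPN_OK;
    return ALPN_FAIL;                   /* peer picked something not offered */
}

int main(void)
{
    const char *const offer[] = { "h2", "http/1.1" };   /* constructed sample */
    uint8_t wire[32];
    return (alpn_encode_offer(offer, 2, wire, sizeof wire) == 14 &&
            alpn_check_selected(offer, 2, NULL, 0, 1) == ALPN_FAIL) ? 0 : 1;
}
```

Without a way to read the selection back, a caller that offers a protocol cannot tell a peer that agreed from one that ignored the extension; the ALPN_NONE case is that situation.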