From mboxrd@z Thu Jan 1 00:00:00 1970
From: Simon Josefsson
Newsgroups: gmane.emacs.devel
Subject: Re: url issues
Date: Tue, 12 Oct 2004 11:55:36 +0200
To: rms@gnu.org
Cc: emacs-devel@gnu.org
In-Reply-To: (Richard Stallman's message of "Tue, 12 Oct 2004 04:57:27 -0400")
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3.50 (gnu/linux)

Richard Stallman writes:

>     > Who would like to look at whether tls.el can do this job?
>
>     I can do it, but I will be traveling soon, so it may take some while.
>
> Would that be weeks?  We can wait that long.

I looked briefly now, and it was easier than I first thought, because
ssl-accept-ca-certificate in ssl.el is not used by URL.  That function
will be more difficult to rewrite, if it is needed in the future.

I have installed the patch below, together with a fix to tls.el with
some new functionality.

Could someone who uses SSL/TLS in URL test if this works?  You will have
to install GnuTLS and set url-gateway-method to `tls' if you already
have OpenSSL and ssl.el installed.

Eventually the ssl.el support could be removed, but I think it is too
early to do so now.

2004-10-12  Simon Josefsson

	* url-vars.el (url-gateway-method): Add new method `tls'.

	* url-news.el (url-snews): Use nntp-open-tls-stream if
	url-gateway-method is tls.

	* url-ldap.el (url-ldap-certificate-formatter): Use
	tls-certificate-information if ssl.el is not available.

	* url-https.el (url-https-create-secure-wrapper): Use tls if ssl
	is not available.

	* url-gw.el (url-open-stream): Support tls url-gateway-method.
	(url-open-stream): Likewise.

Index: url-gw.el =================================================================== RCS file: /cvsroot/emacs/emacs/lisp/url/url-gw.el,v retrieving revision 1.3 diff -u -p -r1.3 url-gw.el --- url-gw.el 10 Apr 2004 05:55:48 -0000 1.3 +++ url-gw.el 12 Oct 2004 09:53:41 -0000 @@ -3,7 +3,7 @@ ;; Keywords: comm, data, processes ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -;;; Copyright (c) 1997, 1998 Free Software Foundation, Inc. +;;; Copyright (c) 1997, 1998, 2004 Free Software Foundation, Inc. ;;; ;;; This file is part of GNU Emacs. ;;; @@ -29,6 +29,7 @@ (autoload 'socks-open-network-stream "socks") (autoload 'open-ssl-stream "ssl") +(autoload 'open-tls-stream "tls") (defgroup url-gateway nil "URL gateway variables" @@ -212,6 +213,7 @@ Args per `open-network-stream'. Will not make a connexion if `url-gateway-unplugged' is non-nil." (unless url-gateway-unplugged (let ((gw-method (if (and url-gateway-local-host-regexp + (not (eq 'tls url-gateway-method)) (not (eq 'ssl url-gateway-method)) (string-match url-gateway-local-host-regexp @@ -242,6 +244,8 @@ Will not make a connexion if `url-gatewa (let ((coding-system-for-read 'binary) (coding-system-for-write 'binary)) (setq conn (case gw-method + (tls + (open-tls-stream name buffer host service)) (ssl (open-ssl-stream name buffer host service)) ((native) Index: url-https.el =================================================================== RCS file: /cvsroot/emacs/emacs/lisp/url/url-https.el,v retrieving revision 1.5 diff -u -p -r1.5 url-https.el --- url-https.el 16 Apr 2004 22:02:46 -0000 1.5 +++ url-https.el 12 Oct 2004 09:53:41 -0000 @@ -1,4 +1,4 @@ -;;; url-https.el --- HTTP over SSL routines +;;; url-https.el --- HTTP over SSL/TLS routines ;; Copyright (c) 1999, 2004 Free Software Foundation, Inc. 
@@ -30,6 +30,7 @@ (require 'url-parse) (require 'url-cookie) (require 'url-http) +(require 'tls) (defconst url-https-default-port 443 "Default HTTPS port.") (defconst url-https-asynchronous-p t "HTTPS retrievals are asynchronous.") @@ -38,12 +39,11 @@ (defmacro url-https-create-secure-wrapper (method args) `(defun ,(intern (format (if method "url-https-%s" "url-https") method)) ,args ,(format "HTTPS wrapper around `%s' call." (or method "url-http")) - (condition-case () - (require 'ssl) - (error - (error "HTTPS support could not find `ssl' library"))) - (let ((url-gateway-method 'ssl)) - ( ,(intern (format (if method "url-http-%s" "url-http") method)) ,@(remove '&rest (remove '&optional args)))))) + (let ((url-gateway-method (condition-case () + (require 'ssl) + (error 'tls)))) + (,(intern (format (if method "url-http-%s" "url-http") method)) + ,@(remove '&rest (remove '&optional args)))))) (url-https-create-secure-wrapper nil (url callback cbargs)) (url-https-create-secure-wrapper file-exists-p (url)) Index: url-ldap.el =================================================================== RCS file: /cvsroot/emacs/emacs/lisp/url/url-ldap.el,v retrieving revision 1.4 diff -u -p -r1.4 url-ldap.el --- url-ldap.el 12 Apr 2004 04:04:31 -0000 1.4 +++ url-ldap.el 12 Oct 2004 09:53:41 -0000 @@ -28,6 +28,7 @@ (require 'url-parse) (require 'url-util) (require 'ldap) +(autoload 'tls-certificate-information "tls") ;; This has been implemented from RFC2255 'The LDAP URL Format' (Dec 1997) ;; 
@@ -96,7 +97,8 @@ (require 'ssl) (error nil)) (let ((vals (if (fboundp 'ssl-certificate-information) - (ssl-certificate-information data)))) + (ssl-certificate-information data) + (tls-certificate-information data)))) (if (not vals) "Unable to parse certificate" (concat "\n" Index: url-news.el =================================================================== RCS file: /cvsroot/emacs/emacs/lisp/url/url-news.el,v retrieving revision 1.5 diff -u -p -r1.5 url-news.el --- url-news.el 10 Oct 2004 20:38:50 -0000 1.5 +++ url-news.el 12 Oct 2004 09:53:41 -0000 @@ -2,7 +2,7 @@ ;; Keywords: comm, data, processes ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -;;; Copyright (c) 1996 - 1999 Free Software Foundation, Inc. +;;; Copyright (c) 1996 - 1999, 2004 Free Software Foundation, Inc. ;;; ;;; This file is part of GNU Emacs. ;;; @@ -125,7 +125,9 @@ ;;;###autoload (defun url-snews (url) - (let ((nntp-open-connection-function 'nntp-open-ssl-stream)) + (let ((nntp-open-connection-function (if (eq 'tls url-gateway-method) + nntp-open-tls-stream + nntp-open-ssl-stream))) (url-news url))) (provide 'url-news) Index: url-vars.el =================================================================== RCS file: /cvsroot/emacs/emacs/lisp/url/url-vars.el,v retrieving revision 1.5 diff -u -p -r1.5 url-vars.el --- url-vars.el 10 Oct 2004 20:39:48 -0000 1.5 +++ url-vars.el 12 Oct 2004 09:53:41 -0000 @@ -2,7 +2,7 @@ ;; Keywords: comm, data, processes, hypermedia ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -;;; Copyright (c) 1996,1997,1998,1999,2001 Free Software Foundation, Inc. +;;; Copyright (c) 1996,1997,1998,1999,2001,2004 Free Software Foundation, Inc. ;;; ;;; This file is part of GNU Emacs. ;;; 
@@ -368,12 +368,14 @@ Currently supported methods: `telnet': Run telnet in a subprocess to connect; `rlogin': Rlogin to another machine to connect; `socks': Connect through a socks server; -`ssl': Connect with SSL; +`tls': Connect with TLS; +`ssl': Connect with SSL (deprecated, use `tls' instead); `native': Connect directy." :type '(radio (const :tag "Telnet to gateway host" :value telnet) (const :tag "Rlogin to gateway host" :value rlogin) (const :tag "Use SOCKS proxy" :value socks) - (const :tag "Use SSL for all connections" :value ssl) + (const :tag "Use SSL/TLS for all connections" :value tls) + (const :tag "Use SSL for all connections (obsolete)" :value ssl) (const :tag "Direct connection" :value native)) :group 'url-hairy)
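
Review bot: In url-https.el, hunk @@ -30,6 +30,7 @@, (require 'tls) at top level makes tls.el a hard load-time dependency of url-https, even for users whose connections go through ssl.el. url-gw.el in this same patch uses (autoload 'open-tls-stream "tls") instead, and the wrapper below only binds url-gateway-method rather than calling any tls function itself. Suggest dropping the require and relying on that autoload.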
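
Review bot: In url-https.el, hunk @@ -38,12 +39,11 @@, the new let binding still forces url-gateway-method to ssl whenever (require 'ssl) succeeds, so a user who set url-gateway-method to tls gets ssl.el for https anyway when both libraries are installed; tls is reached only when ssl.el fails to load. The binding also depends on require returning the feature symbol, which is easy to misread. Suggest honouring an existing tls setting first, for example (if (eq url-gateway-method 'tls) 'tls (condition-case () (require 'ssl) (error 'tls))), and adding a comment that the value of require is what selects ssl.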
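
Review bot: In url-ldap.el, hunk @@ -96,7 +97,8 @@, the fallback call (tls-certificate-information data) is not guarded the way the (require 'ssl) just above it is, where the handler is (error nil). With the autoload added in the @@ -28,6 +28,7 @@ hunk, a missing tls.el makes this call signal an error instead of leaving vals nil and returning "Unable to parse certificate". Suggest wrapping the call in (condition-case () ... (error nil)) so the formatter keeps its existing failure behaviour.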
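
Review bot: In url-news.el, hunk @@ -125,7 +125,9 @@, both branches of the new if lost the quote that the removed line had ('nntp-open-ssl-stream), so nntp-open-tls-stream and nntp-open-ssl-stream are evaluated as variables instead of being passed as function symbols, and url-snews will signal void-variable unless variables of those names happen to be bound. Suggest (if (eq 'tls url-gateway-method) 'nntp-open-tls-stream 'nntp-open-ssl-stream).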
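
Review bot: In url-vars.el, hunk @@ -368,12 +368,14 @@, the docstring and the customize tag describe the new value differently: the docstring says `tls' means "Connect with TLS", while the radio tag reads "Use SSL/TLS for all connections" and sits next to an ssl entry tagged "(obsolete)". Suggest "Use TLS for all connections" so the two choices are distinguishable in Customize. Since the docstring is being edited anyway, "Connect directy" in the context line could be fixed in the same change.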