From: Lars Magne Ingebrigtsen
Newsgroups: gmane.emacs.devel
Subject: Re: url library and GnuTLS, and Emacs-issued certificates
Date: Thu, 24 Mar 2011 05:55:30 +0100
To: emacs-devel@gnu.org

Chong Yidong writes:

> Could you explain in more detail?

tls.el is quite simple.  You start openssl/gnutls-cli as a subprocess
with the correct parameters, parse the output slightly, and then talk
over the socket.

starttls.el is a bit different.  You call `open-starttls-stream', which
starts gnutls-cli in unencrypted mode.  Then you do protocol-specific
things to see whether the server supports STARTTLS.  If it does, you
issue the commands necessary for the server to start talking TLS.  You
then call `starttls-negotiate' which sends a signal to gnutls-cli which
makes gnutls-cli go to encrypted mode, parses the output from
gnutls-cli, and returns the status of the now-encrypted socket.

To make things even more confusing, openssl does have support for
STARTTLS, too, but you then have to let openssl itself do the STARTTLS
negotiation by telling openssl what protocol it's talking.  And it
doesn't support all the protocols that Emacs needs, so it can't really
be used.

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen
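
The plaintext phase described in the message above, as an added example that is not part of the original post and is not code from starttls.el. It assumes SMTP as the protocol (the message names none), uses hypothetical names (`negotiate`, `parse_reply`, `UPGRADE`) and constructed server replies, and assumes a fail-closed policy: a missing or refused STARTTLS ends the session instead of continuing unencrypted.

```python
import re

class StartTLSError(Exception):
    """The session must not continue; there is no silent plaintext fallback."""

# Stands in for the step where the helper process is signalled to go encrypted.
UPGRADE = "<signal TLS helper to start the handshake>"

def parse_reply(lines):
    """Parse one SMTP reply, possibly multi-line, into (code, [text, ...])."""
    code, texts = None, []
    for i, line in enumerate(lines):
        m = re.fullmatch(r"(\d{3})([ -])(.*)", line)
        if not m or (code is not None and m.group(1) != code):
            raise StartTLSError(f"malformed reply line: {line!r}")
        code = m.group(1)
        texts.append(m.group(3))
        # "-" marks a continuation line; only the final line uses " ".
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise StartTLSError("continuation marker does not match reply length")
    if code is None:
        raise StartTLSError("empty reply")
    return int(code), texts

def negotiate(server, require_tls=True):
    """Run the plaintext phase against `server` (command -> reply lines, None = greeting)."""
    actions = []
    if parse_reply(server[None])[0] != 220:
        raise StartTLSError("unexpected greeting")
    actions.append("EHLO client.example")
    code, caps = parse_reply(server["EHLO client.example"])
    if code != 250:
        raise StartTLSError("EHLO rejected")
    # First reply line is the server's own name; the rest are extension keywords.
    offered = any(c.split()[0].upper() == "STARTTLS" for c in caps[1:] if c.strip())
    if not offered:
        if require_tls:
            raise StartTLSError("server did not advertise STARTTLS")
        return actions  # caller explicitly accepted plaintext
    actions.append("STARTTLS")
    if parse_reply(server["STARTTLS"])[0] != 220:
        raise StartTLSError("server refused STARTTLS")
    actions.append(UPGRADE)  # only now is the helper told to switch to TLS
    return actions

# Constructed sample servers (not captured traffic).
GOOD = {None: ["220 mail.example ESMTP"], "STARTTLS": ["220 Ready to start TLS"],
        "EHLO client.example": ["250-mail.example", "250-SIZE 10240000",
                                "250-STARTTLS", "250 8BITMIME"]}
NO_TLS = {**GOOD, "EHLO client.example": ["250-mail.example", "250 8BITMIME"]}
REFUSED = {**GOOD, "STARTTLS": ["454 TLS not available"]}
```

`negotiate(GOOD)` returns the three client steps in order; `NO_TLS` and `REFUSED` raise `StartTLSError` unless the caller passes `require_tls=False`.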