From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Lars Magne Ingebrigtsen <larsi@gnus.org>
Newsgroups: gmane.emacs.devel
Subject: Re: client certs and CRL lists for GnuTLS
Date: Tue, 03 May 2011 17:25:44 +0200
Organization: Programmerer Ingebrigtsen
Message-ID: <m3sjsvajrb.fsf@quimbies.gnus.org>
References: <m3ipu4u7bv.fsf@quimbies.gnus.org> <87d3kal0za.fsf@lifelogs.com>
	<jwvfwp6xmr0.fsf-monnier+emacs@gnu.org> <874o5mky4o.fsf@lifelogs.com>
	<m3oc3mb68s.fsf@quimbies.gnus.org> <m3bozm9j08.fsf@quimbies.gnus.org>
	<m3tyde83o9.fsf_-_@quimbies.gnus.org> <8762ptue8r.fsf@lifelogs.com>
	<m3ei4hlyih.fsf@quimbies.gnus.org> <87k4e8ucw3.fsf@lifelogs.com>
	<87y62nak0m.fsf_-_@lifelogs.com>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: dough.gmane.org 1304436371 13945 80.91.229.12 (3 May 2011 15:26:11 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Tue, 3 May 2011 15:26:11 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue May 03 17:26:06 2011
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1QHHUD-0005ph-TX
	for ged-emacs-devel@m.gmane.org; Tue, 03 May 2011 17:26:06 +0200
Original-Received: from localhost ([::1]:41634 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1QHHUD-0000pf-EP
	for ged-emacs-devel@m.gmane.org; Tue, 03 May 2011 11:26:05 -0400
Original-Received: from eggs.gnu.org ([140.186.70.92]:57216)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1QHHU9-0000pZ-Lq
	for emacs-devel@gnu.org; Tue, 03 May 2011 11:26:02 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1QHHU4-0007tR-IN
	for emacs-devel@gnu.org; Tue, 03 May 2011 11:26:01 -0400
Original-Received: from lo.gmane.org ([80.91.229.12]:34294)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1QHHU4-0007tJ-7e
	for emacs-devel@gnu.org; Tue, 03 May 2011 11:25:56 -0400
Original-Received: from list by lo.gmane.org with local (Exim 4.69)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1QHHU3-0005k3-9r
	for emacs-devel@gnu.org; Tue, 03 May 2011 17:25:55 +0200
Original-Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Tue, 03 May 2011 17:25:55 +0200
Original-Received: from larsi by cm-84.215.51.58.getinternet.no with local (Gmexim 0.1
	(Debian)) id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Tue, 03 May 2011 17:25:55 +0200
X-Injected-Via-Gmane: http://gmane.org/
Mail-Followup-To: emacs-devel@gnu.org
Original-Lines: 27
Original-X-Complaints-To: usenet@dough.gmane.org
X-Gmane-NNTP-Posting-Host: cm-84.215.51.58.getinternet.no
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAFVBMVEUvIiQdExwPBw7g3tdM
	PDolGR6ZhnIghtuyAAACZUlEQVQ4jbWTwa6jMAxFHSbMmnRI1631+gU8sQ6tyTp0yKyRyPP/f8LY
	oX27WY5ViSonvte5ARj+UfA/wMivoloQ/GpNbiFLJUsgf9qccgabV5qy6dqcLXGhCmQPTLOlkEyG
	xbIC0mUpIBsWb12GFAsVVVfSZliDc97PKQCHlcASBdkuoDeLU/lgORCZS22BNsFqss+poyWW9oSY
	gEg7AIK0ieTsYoEF8QYilSADzJ3JOpTnEkuAU4JQpwXjwCefV8vlMYyRE9i2ArFujYDIZddcZtn7
	Au7PlF0feauBTVaPJ1MJWAVIB1XwpUriLR7OdAJWjgMPLGBeJAYF3eLbRcx5GAVsdnJOeyaXnE/O
	2sgidQAxzzA7I1kZkswVDJudX+l2xslQLYUXkBgWzYQk3ezibOcKxq9FTmZlrEDmzD+HcSfeFcg+
	5xAFTPQY9vo2PIYSx+kNbKZ6sl0B82gUnFA8OioKROUhz7IomASk/vF+sTTETdd9EClnv0GUqLas
	ABR4K/IKPu0+cpXyT7lief46OjhIKjwd5hX8qOvFLh1zOcA1C/CHyYx46jnMCtytAp1m/7QN4hUS
	1bG+Ae/bXlDqRovzrk8Kzmq8y2h3bJouTm52PYm5r0FJXOOGH88bbXIP8CEd8Tid/AreTlgvyH60
	EEfZzBKHjIoXSQ/7ydm1hQfvPMd63QW7BhNeSN4AC7+5HGoKcoMSBy29Bei33Ku3fLRfCC1eGpQI
	wlMjOdfrYL7j3eO1wc51k3mfXJUavGe8Pb/BeXhbYLqfLoiN61c9efcCd8QL1nL+qrH7A5CGeMJ3
	/QVR4uVUh4enJgAAAABJRU5ErkJggg==
Mail-Copies-To: never
X-Now-Playing: Issa's _With What Shall I Keep Warm?_: "Phoenix (For Teenagers)"
User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux)
Cancel-Lock: sha1:qMgwVp/Y9cBPJbjE/2B4i+TwgpM=
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-Received-From: 80.91.229.12
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: </archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:139054
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/139054>

Ted Zlatanov <tzz@lifelogs.com> writes:

> The attached patch adds a :keylist parameter to `gnutls-boot' which is a
> list of (client key file, client cert file) pairs.  It also renames the
> :keyfiles parameter to :crlfiles since it's for CRL lists.  So now you
> can specify any number of client certs.  If the key files require a
> passphrase, the decoding won't work because we don't set a callback.

Right.  Hm...  if you specify a keyfile (that requires a password), does
starttls.el allow prompting for that password?  (I'm just wondering
whether the gnutls.c situation would be totally equivalent or not...)

> `gnutls-negotiate' also gets the parameter changes (should I just make
> it take a plist?)

[...]

>  (defun gnutls-negotiate (proc type hostname &optional priority-string
> -                              trustfiles keyfiles verify-flags
> +                              trustfiles crlfiles keylist verify-flags
>                                verify-error verify-hostname-error)

Heh.  Yes, I think it would be better to change this to a plist.  :-)

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/