From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Ted Zlatanov <tzz@lifelogs.com>
Newsgroups: gmane.comp.encryption.gpg.gnutls.devel,gmane.emacs.devel
Subject: re: Emacs core TLS support
Date: Sat, 11 Sep 2010 09:59:59 -0500
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
Message-ID: <8762ycfhqo.fsf@lifelogs.com>
References: <878wc1vfh3.fsf@lifelogs.com> <87r5ptpnz2.fsf@stupidchicken.com>
	<871vhsvkut.fsf@lifelogs.com> <jwvbpgw1yp2.fsf-monnier+emacs@gnu.org>
	<87d41csktn.fsf@lifelogs.com> <87k4v0n0m8.fsf@lifelogs.com>
	<87wrrvfnc4.fsf@lifelogs.com> <m3zkwqhixi.fsf@carbon.jhcloos.org>
	<87r5i2d00q.fsf@lifelogs.com> <87zkwqijye.fsf@stupidchicken.com>
	<878w4actmg.fsf@lifelogs.com> <877hju123h.fsf@stupidchicken.com>
	<8762yklrdk.fsf@lifelogs.com> <jwvlj7fg7gk.fsf-monnier+emacs@gnu.org>
	<87wrqzhrjv.fsf@lifelogs.com> <jwvmxruehco.fsf-monnier+emacs@gnu.org>
	<87fwxmihyz.fsf@lifelogs.com>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: dough.gmane.org 1284217226 31669 80.91.229.12 (11 Sep 2010 15:00:26 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Sat, 11 Sep 2010 15:00:26 +0000 (UTC)
Cc: emacs-devel@gnu.org
To: gnutls-devel@gnu.org
Original-X-From: gnutls-devel-bounces+pgp-gnutls-dev=m.gmane.org@gnu.org Sat Sep 11 17:00:25 2010
Return-path: <gnutls-devel-bounces+pgp-gnutls-dev=m.gmane.org@gnu.org>
Envelope-to: pgp-gnutls-dev@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <gnutls-devel-bounces+pgp-gnutls-dev=m.gmane.org@gnu.org>)
	id 1OuRZ0-0001t4-UD
	for pgp-gnutls-dev@m.gmane.org; Sat, 11 Sep 2010 17:00:23 +0200
Original-Received: from localhost ([127.0.0.1]:45065 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1OuRZ0-0000We-Fw
	for pgp-gnutls-dev@m.gmane.org; Sat, 11 Sep 2010 11:00:22 -0400
Original-Received: from [140.186.70.92] (port=53808 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1OuRYx-0000WZ-2P
	for gnutls-devel@gnu.org; Sat, 11 Sep 2010 11:00:20 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <pgp-gnutls-dev@m.gmane.org>) id 1OuRYv-0002A8-QT
	for gnutls-devel@gnu.org; Sat, 11 Sep 2010 11:00:18 -0400
Original-Received: from lo.gmane.org ([80.91.229.12]:47931)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <pgp-gnutls-dev@m.gmane.org>) id 1OuRYv-00029z-F2
	for gnutls-devel@gnu.org; Sat, 11 Sep 2010 11:00:17 -0400
Original-Received: from list by lo.gmane.org with local (Exim 4.69)
	(envelope-from <pgp-gnutls-dev@m.gmane.org>) id 1OuRYr-0001ml-NR
	for gnutls-devel@gnu.org; Sat, 11 Sep 2010 17:00:13 +0200
Original-Received: from c-24-14-16-248.hsd1.il.comcast.net ([24.14.16.248])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <gnutls-devel@gnu.org>; Sat, 11 Sep 2010 17:00:13 +0200
Original-Received: from tzz by c-24-14-16-248.hsd1.il.comcast.net with local (Gmexim
	0.1 (Debian)) id 1AlnuQ-0007hv-00
	for <gnutls-devel@gnu.org>; Sat, 11 Sep 2010 17:00:13 +0200
X-Injected-Via-Gmane: http://gmane.org/
Original-Lines: 27
Original-X-Complaints-To: usenet@dough.gmane.org
X-Gmane-NNTP-Posting-Host: c-24-14-16-248.hsd1.il.comcast.net
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
	d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
	D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/24.0.50 (gnu/linux)
Cancel-Lock: sha1:LfXQxOPVCmRNNWKGrKZrW9oT10I=
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-BeenThere: gnutls-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: GnuTLS development discussions <gnutls-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/gnutls-devel>,
	<mailto:gnutls-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/gnutls-devel>
List-Post: <mailto:gnutls-devel@gnu.org>
List-Help: <mailto:gnutls-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/gnutls-devel>,
	<mailto:gnutls-devel-request@gnu.org?subject=subscribe>
Original-Sender: gnutls-devel-bounces+pgp-gnutls-dev=m.gmane.org@gnu.org
Errors-To: gnutls-devel-bounces+pgp-gnutls-dev=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.comp.encryption.gpg.gnutls.devel:4500 gmane.emacs.devel:129982
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/129982>

Nearly ready.  Since the last patch we have:

- full initialization and handshake (no memory issues, etc.)

- everything happens in gnutls-boot, including global initialization;
  all the parameters are either x509 or anon

- use of gnutls_initstage in the process to mark progress of
  initialization and whether the process is done initializing and
  handshaking

- no SRP anywhere, just anon and x509 (I'll add SRP if we need it and
  when the other two are working)

Now I get GNUTLS_E_INSUFFICIENT_CREDENTIALS when I open a x509
connection to an IMAP TLS server so I think there's still work to do.
The trust file seems to be wrong (see lisp/net/gnutls.el, I tried both
"/etc/ssl/certs/ca-certificates.crt" and "/etc/ssl/certs/ca.pem").

The GnuTLS examples don't seem to cover the standard situation of
talking to a web server over SSL and possibly accepting an insecure
connection if the server credentials are bad.  I must have missed
something.  Could the GnuTLS developers look at my patch and help me
out?

Thanks
Ted