From: Ted Zlatanov
Newsgroups: gmane.emacs.bugs
Subject: bug#25061: consider adding %COMPAT to default gnutls priority string
Date: Sat, 09 Dec 2017 18:50:08 -0500
Organization: Теодор Златанов @ Cienfuegos
Message-ID: <87a7yra2bz.fsf@lifelogs.com>
In-Reply-To: <83374t117z.fsf@gnu.org> (Eli Zaretskii's message of "Sat, 02 Dec 2017 19:36:16 +0200")
To: Eli Zaretskii
Cc: wingo@igalia.com, 25061@debbugs.gnu.org, ludo@gnu.org, michael.albinus@gmx.de, larsi@gnus.org

On Sat, 02 Dec 2017 19:36:16 +0200 Eli Zaretskii wrote:

EZ> Ted, any news on this? Emacs 26.1 is getting closer to the release,
EZ> so I'd like to see this issue resolved.

I've looked at the code and at the work that Michael has kindly done on
connection-local variables and profiles.

Eli, first, I need to know if I can make large changes (introducing
connection profiles to GnuTLS) this close to the release. If so, I'll
work in emacs-26. If we can't, I'll do this work for 26.2 and work in
master.

To help you and others gauge the extent of the work, here's a summary:

* support connection profiles for processes, not just buffers (only
  buffers are supported today AFAICT). Or maybe only support processes
  with associated buffers. I'm not sure what's best, maybe Michael and
  others can make suggestions.

* only apply connection profiles when the connection is created. Users
  and applications will be responsible for closing the connection and
  reopening it if the profile changes.

* using `connection-local-set-profile-variables' in gnutls.el, create a
  'gnutls-default-profile with today's settings for
  `gnutls-min-prime-bits', `gnutls-trustfiles', `gnutls-verify-error',
  and `gnutls-algorithm-priority', installing it like so

    (connection-local-set-profiles nil 'gnutls-default-profile)

* using `connection-local-set-profile-variables' in gnutls.el, create a
  'gnutls-compatible-profile with `gnutls-algorithm-priority' containing
  "%COMPAT" and any other needed changes to resolve this bug. Note that
  the default profile will be applied first, so this profile will be
  fairly small. The user will then need to do

    (connection-local-set-profiles
     '(:machine "system-that-needs-compatibility")
     'gnutls-compatible-profile)

* apply connection profiles in `open-network-stream',
  `open-gnutls-stream', and `gnutls-negotiate' as needed. The parameters
  will be :machine (host parameter) and :protocol (service parameter).
  Any other parameters such as :user and :application will be used if
  the application passes them in (so a new optional search criteria
  parameter will need to be added).

* add logging to make it clear to the user what profiles are getting
  applied, and what the final variable values are. This may deserve
  special UI if we can integrate it with the NSM (optional work, Lars
  and others can recommend what's best).

* support connection profiles for the network-security-level and other
  NSM variables as well (optional work, Lars and others can recommend
  what's best).

I think this covers what's needed. Let me know your thoughts and I hope
to wrap this up quickly either way.

Ted
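
The following sketch is an added example, not part of the message above and not code from Emacs or gnutls.el. It registers the two profiles the message names and resolves the values that would apply to a given host, so the %COMPAT priority string is visibly confined to the one machine that needs it. Assumptions: Emacs 26 or later, the priority string "NORMAL:%COMPAT", the `:application 'gnutls` criterion, and the hypothetical `my-gnutls-*` helpers.

```elisp
;; Added example; requires Emacs 26 or later for the connection-local API.
(require 'files-x)
(require 'gnutls)

;; Default profile: snapshot the current values rather than assuming them.
(connection-local-set-profile-variables
 'gnutls-default-profile
 `((gnutls-min-prime-bits . ,gnutls-min-prime-bits)
   (gnutls-trustfiles . ,gnutls-trustfiles)
   (gnutls-verify-error . ,gnutls-verify-error)
   (gnutls-algorithm-priority . ,gnutls-algorithm-priority)))
(connection-local-set-profiles nil 'gnutls-default-profile)

;; Compatibility profile: only the variable that differs.
;; "NORMAL:%COMPAT" is an assumed priority string.
(connection-local-set-profile-variables
 'gnutls-compatible-profile
 '((gnutls-algorithm-priority . "NORMAL:%COMPAT")))
(connection-local-set-profiles
 '(:machine "system-that-needs-compatibility")
 'gnutls-compatible-profile)

(defun my-gnutls-effective-settings (host service)
  "Return (PROFILES . SETTINGS) that would apply to HOST and SERVICE.
Hypothetical helper: the default profile goes first and any other
matching profile overrides it, as the message describes."
  (let* ((criteria (list :application 'gnutls   ; assumed application tag
                         :protocol (format "%s" service)
                         :machine host))
         (matched (connection-local-get-profiles criteria))
         (ordered (append (and (memq 'gnutls-default-profile matched)
                               '(gnutls-default-profile))
                          (remq 'gnutls-default-profile matched)))
         settings)
    (dolist (profile ordered)
      (dolist (pair (connection-local-get-profile-variables profile))
        (setf (alist-get (car pair) settings) (cdr pair))))
    (cons ordered settings)))

(defun my-gnutls-log-settings (host service)
  "Log the profiles and final values for HOST and SERVICE; return the values."
  (let* ((result (my-gnutls-effective-settings host service))
         (settings (cdr result)))
    (message "gnutls %s:%s profiles=%S" host service (car result))
    (dolist (pair settings settings)
      (message "  %s = %S" (car pair) (cdr pair)))))

;; Only the named host gets %COMPAT; any other host keeps the defaults.
(my-gnutls-log-settings "system-that-needs-compatibility" 443)
(my-gnutls-log-settings "example.org" 443)
```

The helper only reports what would apply; it does not change how `open-network-stream' or `gnutls-negotiate' behave.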