From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Ted Zlatanov <tzz@lifelogs.com>
Newsgroups: gmane.emacs.devel
Subject: Re: need help with certificate bundles for ALL the platforms Emacs
	supports
Date: Sun, 12 Feb 2012 17:13:25 -0500
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
Message-ID: <87fwef8zui.fsf@lifelogs.com>
References: <4F25FA2F.2010401@gmail.com>
	<F076A8BD691F41DA9BABE716EA24A149@us.oracle.com>
	<4F27F4A1.6030907@gmail.com>
	<6E4BE1E758D04283A7C3A660ED379966@us.oracle.com>
	<87liolnipl.fsf@lifelogs.com>
	<50081AA79F2F4860A3B9DCEDFC1ABEC8@us.oracle.com>
	<877h04nc2e.fsf@lifelogs.com> <83ehucfjc8.fsf@gnu.org>
	<87r4ycjbjz.fsf_-_@lifelogs.com> <83mx8zev8s.fsf@gnu.org>
	<87vcnnj1xm.fsf@lifelogs.com> <87ipjgw0r3.fsf_-_@lifelogs.com>
	<87zkcqr4td.fsf@lifelogs.com> <jwv1uq234d2.fsf-monnier+emacs@gnu.org>
Reply-To: emacs-devel@gnu.org
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Trace: dough.gmane.org 1329084838 16256 80.91.229.3 (12 Feb 2012 22:13:58 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Sun, 12 Feb 2012 22:13:58 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Feb 12 23:13:57 2012
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Rwhg6-0000L5-Iv
	for ged-emacs-devel@m.gmane.org; Sun, 12 Feb 2012 23:13:50 +0100
Original-Received: from localhost ([::1]:36964 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Rwhg5-0002by-VG
	for ged-emacs-devel@m.gmane.org; Sun, 12 Feb 2012 17:13:49 -0500
Original-Received: from eggs.gnu.org ([140.186.70.92]:38049)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1Rwhfx-0002aG-Ah
	for emacs-devel@gnu.org; Sun, 12 Feb 2012 17:13:47 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1Rwhfv-0007WW-Pc
	for emacs-devel@gnu.org; Sun, 12 Feb 2012 17:13:41 -0500
Original-Received: from plane.gmane.org ([80.91.229.3]:50435)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1Rwhfv-0007WP-J0
	for emacs-devel@gnu.org; Sun, 12 Feb 2012 17:13:39 -0500
Original-Received: from list by plane.gmane.org with local (Exim 4.69)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1Rwhfr-0000Aa-9f
	for emacs-devel@gnu.org; Sun, 12 Feb 2012 23:13:35 +0100
Original-Received: from c-76-28-40-19.hsd1.vt.comcast.net ([76.28.40.19])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Sun, 12 Feb 2012 23:13:35 +0100
Original-Received: from tzz by c-76-28-40-19.hsd1.vt.comcast.net with local (Gmexim 0.1
	(Debian)) id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Sun, 12 Feb 2012 23:13:35 +0100
X-Injected-Via-Gmane: http://gmane.org/
Mail-Followup-To: emacs-devel@gnu.org
Original-Lines: 90
Original-X-Complaints-To: usenet@dough.gmane.org
X-Gmane-NNTP-Posting-Host: c-76-28-40-19.hsd1.vt.comcast.net
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
	d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
	D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
Mail-Copies-To: never
User-Agent: Gnus/5.130002 (Ma Gnus v0.2) Emacs/24.0.93 (gnu/linux)
Cancel-Lock: sha1:+CrEdmaT5DLAclvoSPaPtjU1e4I=
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 80.91.229.3
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:148528
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/148528>

--=-=-=
Content-Type: text/plain

On Fri, 10 Feb 2012 13:57:18 -0500 Stefan Monnier <monnier@iro.umontreal.ca> wrote: 

>> Maintainers: can I change gnutls.el to provide a customizable
>> `gnutls-trustfiles' and to probe these file locations or would you
>> consider that a new feature that has to wait?

SM> I think it's OK to install now, but please show us the patch for
SM> confirmation,

No ChangeLog yet, just the code.  It's pretty simple.

`gnutls-flatten-list' seems like a nice general utility, maybe it
already exists?

Thanks
Ted


--=-=-=
Content-Type: text/x-diff
Content-Disposition: inline; filename=gnutls-trustfiles.patch

=== modified file 'lisp/net/gnutls.el'
--- lisp/net/gnutls.el	2012-02-12 21:40:25 +0000
+++ lisp/net/gnutls.el	2012-02-12 22:11:53 +0000
@@ -51,6 +51,22 @@
   :type '(choice (const nil)
 		 string))
 
+(defcustom gnutls-trustfiles '(
+                               ;; Debian, Ubuntu, Gentoo and Arch Linux
+                               "/etc/ssl/certs/ca-certificates.crt"
+                               ;; Fedora and RHEL
+                               "/etc/pki/tls/certs/ca-bundle.crt"
+                               ;; Suse
+                               "/etc/ssl/ca-bundle.pem"
+                               )
+  "List of functions or filenames yielding CA bundle locations.
+The files may be in PEM or DER format, as per the GnuTLS documentation.
+The files may not exist, in which case they will be ignored.
+Functions will be called and may return a filename or a list of filenames."
+  :group 'gnutls
+  :type '(repeat (choice (function :tag "Function")
+                         (file :tag "Bundle filename"))))
+
 ;;;###autoload
 (defcustom gnutls-min-prime-bits nil
   "The minimum number of bits to be used in Diffie-Hellman key exchange.
@@ -156,10 +172,14 @@
 It must be omitted, a number, or nil; if omitted or nil it
 defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT."
   (let* ((type (or type 'gnutls-x509pki))
-         (default-trustfile "/etc/ssl/certs/ca-certificates.crt")
          (trustfiles (or trustfiles
-                         (when (file-exists-p default-trustfile)
-                           (list default-trustfile))))
+                         (delq nil
+                               (mapcar (lambda (f) (and f (file-exists-p f) f))
+                                       (gnutls-flatten-list
+                                        (mapcar (lambda (tf) (if (functionp tf)
+                                                            (funcall tf)
+                                                          tf))
+                                                gnutls-trustfiles))))))
          (priority-string (or priority-string
                               (cond
                                ((eq type 'gnutls-anon)
@@ -203,6 +223,17 @@
              doit (gnutls-error-string doit)
              (apply 'format format (or params '(nil))))))
 
+;; copied from `eshell-flatten-list'
+(defun gnutls-flatten-list (args)
+  "Flatten any lists within ARGS, so that there are no sublists."
+  (let ((new-list (list t)))
+    (dolist (a args)
+      (if (and (listp a)
+               (listp (cdr a)))
+          (nconc new-list (eshell-flatten-list a))
+        (nconc new-list (list a))))
+    (cdr new-list)))
+
 (provide 'gnutls)
 
 ;;; gnutls.el ends here


--=-=-=--