From: Robert Pluim
Newsgroups: gmane.emacs.devel
Subject: Re: ALPN support for GnuTLS connections
Date: Fri, 18 Oct 2024 14:37:11 +0200
Message-ID: <87iktpr3ig.fsf@gmail.com>
References: <7f11f60c-37da-4123-ae5b-98c79a132bb1@risk-engineering.org> <87zfnp1oqa.fsf@gmail.com> <3b0509fe-5a30-4e2a-a9fa-c196d79c81d4@risk-engineering.org> <87ttdx1dzy.fsf@gmail.com> <874j5o1fwe.fsf@gmail.com> <877cagukpe.fsf@gmail.com> <87jzebt4wc.fsf@gmail.com> <051392d4-3aa1-4852-a69d-9395a3892675@risk-engineering.org>
To: Eric Marsden
Cc: emacs-devel@gnu.org
In-Reply-To: <051392d4-3aa1-4852-a69d-9395a3892675@risk-engineering.org> (Eric Marsden's message of "Tue, 15 Oct 2024 09:06:49 +0200")
Xref: news.gmane.io gmane.emacs.devel:324654

>>>>> On Tue, 15 Oct 2024 09:06:49 +0200, Eric Marsden said:

Eric> On 14/10/2024 11:22, Robert Pluim wrote:
>>>>>>> On Sat, 12 Oct 2024 11:30:41 +0200, Eric Marsden said:

Eric> (1) It would be useful for elisp code to be able to determine whether
Eric> Emacs has ALPN support. The elisp code will generally know that the
Eric> service it's connecting to requires ALPN, and it would be useful to be
Eric> able to inform the user that they should upgrade Emacs, instead of
Eric> getting a generic "connection failed" error. The C preprocessor test
Eric> HAVE_GNUTLS_ALPN_SET_PROTOCOLS isn't visible from elisp, nor is (I
Eric> think?) the binding to gnutls_alpn_set_protocols. This might also be
Eric> useful for other features such as the AEAD support. Perhaps a function
Eric> such as gnutls-feature-available-p(:alpn) ?
>> 
>> `gnutls-available-p' returns a list of available TLS features, we can put
>> "alpn" in there. AEAD is already there.

Eric> OK, that sounds good to me, thanks.

>> Yes, in order to palliate servers not following the requirement to be
>> strict, the recommendation is for the client to be strict. I donʼt
>> mind that, although we should add a way to turn it off. Perhaps an
>> ":alpn-flags" parameter with symbols for the two current flags, plus
>> one that means "zero".

Eric> Also sounds good.

Except that itʼs not working. Either GNUTLS_ALPN_MANDATORY is a
server-only flag or Iʼm using it wrong. More debugging required.

Robert

-- 
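The two design points in the thread (an elisp-visible capability check so the user gets an "upgrade Emacs" message instead of a generic connection failure, and an `:alpn-flags' knob so the client can be strict or not) could be used from elisp roughly as follows. This is an added example, not code from Emacs or from either poster, and it rests on assumptions the thread does not settle: that a future `gnutls-available-p' reports ALPN support as the symbol `alpn' (today the AEAD feature appears as the symbol `AEAD'; the thread writes "alpn" in quotes), that `open-gnutls-stream' will accept a hypothetical `:alpn-protocols' list in its PARAMETERS plist next to the proposed `:alpn-flags', and that the flag symbols are `mandatory', `server-precedence' and `zero' for GNUTLS_ALPN_MANDATORY, GNUTLS_ALPN_SERVER_PRECEDENCE and no flag respectively. The host name in the usage line is made up.

```elisp
;; Added example for the thread above; not code from Emacs or from the
;; posters.  Assumptions (none confirmed by the thread):
;;  - `gnutls-available-p' lists ALPN support as the symbol `alpn'
;;    (a string "alpn" is also accepted below, as the thread writes it);
;;  - `open-gnutls-stream' accepts a hypothetical :alpn-protocols entry in
;;    its PARAMETERS plist alongside the proposed :alpn-flags entry;
;;  - :alpn-flags takes the symbols `mandatory', `server-precedence' and
;;    `zero', standing for GNUTLS_ALPN_MANDATORY,
;;    GNUTLS_ALPN_SERVER_PRECEDENCE and no flag at all.

(require 'gnutls)

(defun my-alpn-supported-p ()
  "Return non-nil when this Emacs advertises ALPN support.
Return nil both when Emacs was built without GnuTLS (the feature list
is nil) and when GnuTLS is present but the ALPN binding is missing."
  (let ((features (gnutls-available-p)))
    (and (consp features)
         (or (memq 'alpn features)        ; assumed symbol form
             (member "alpn" features))    ; string form, as written in the thread
         t)))

(defun my-alpn-flags (strict)
  "Return the hypothetical :alpn-flags value for STRICT.
With STRICT non-nil the client asks GnuTLS to abort the handshake when
no protocol is negotiated (GNUTLS_ALPN_MANDATORY); with STRICT nil it
passes `zero', i.e. no flag, which is the proposed way to turn the
strictness off."
  (if strict '(mandatory) '(zero)))

(defun my-open-alpn-stream (name buffer host service protocols &optional lax)
  "Open a TLS stream to HOST:SERVICE offering PROTOCOLS via ALPN.
PROTOCOLS is a list of ALPN identifiers, e.g. (\"h2\" \"http/1.1\").
The client is strict unless LAX is non-nil.  When ALPN is unavailable,
signal a `user-error' that tells the user what to do instead of letting
the connection fail later with a generic error."
  (unless (gnutls-available-p)
    (user-error "Connecting to %s needs TLS, but this Emacs was built without GnuTLS"
                host))
  (unless (my-alpn-supported-p)
    (user-error "%s requires ALPN, which Emacs %s does not support; please upgrade Emacs"
                host emacs-version))
  (open-gnutls-stream name buffer host service
                      (list :alpn-protocols protocols              ; hypothetical key
                            :alpn-flags (my-alpn-flags (not lax))))) ; proposed in the thread

;; Usage with a made-up host name; on an Emacs without the assumed
;; support this stops at the `user-error' above rather than connecting:
;; (my-open-alpn-stream "h2" "*h2*" "example.invalid" 443 '("h2" "http/1.1"))
```

The capability test is done before any socket is opened, so a caller that knows its service needs ALPN fails fast with an actionable message; the strict/lax switch is kept separate from the protocol list so that a caller can drop to `zero' for a server known to ignore ALPN without changing anything else.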