From: Ted Zlatanov
Newsgroups: gmane.emacs.devel
Subject: Re: final GnuTLS API!
Date: Mon, 04 Oct 2010 09:44:44 -0500
Message-ID: <87iq1if25f.fsf@lifelogs.com>
To: emacs-devel@gnu.org

On Mon, 04 Oct 2010 12:49:25 +0200 Lars Magne Ingebrigtsen wrote:

LMI> It looks very usable. The normal open-gnutls-stream is what most people
LMI> will use, and gnutls-negotiate is convenient for use if you're doing
LMI> STARTTLS.

Great. You can add it into Gnus as a network stream option if you want.

LMI> But how do you say "I don't care whether the server has a valid
LMI> certificate or not" or "I do care"?

With callbacks. There will be a standard (not the default) 'gnutls-accept-all callback on certificate verification and the default will probably be nil to let GnuTLS verify them internally (which it does now IIUC).

I also want a callback that verifies, queries the user if the certificate is unknown, and stores the certificate if accepted. I'm talking to the GnuTLS guys about that. It may be a problem because I think the handshake blocks the Emacs display thread, so we may have to abort the handshake, query the user, then retry the handshake.

All of these callbacks will be in an alist under the :callbacks key in the gnutls-boot parameters.

Ted
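
The abort, query, retry flow described in the message above, sketched as an added example that is not part of the original post and is not Emacs or GnuTLS code. The handshake is simulated, and `PinStore`, `handshake`, `connect`, the host names and the certificate bytes are all hypothetical or constructed; the point it shows is that the retry is a new handshake, so the certificate must be re-checked against what the user approved.

```python
import hashlib

# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT_A = b"constructed-certificate-A"
CERT_B = b"constructed-certificate-B"

class PinStore:
    """Host -> SHA-256 fingerprint map; a real store would persist to disk."""
    def __init__(self):
        self.pins = {}

    def check(self, host, cert_der):
        fp = hashlib.sha256(cert_der).hexdigest()
        pinned = self.pins.get(host)
        if pinned is None:
            return "unknown", fp
        return ("match" if pinned == fp else "mismatch"), fp

def handshake(host, cert_der, store):
    """Simulated handshake. The verify step never prompts, so it cannot block."""
    verdict, fp = store.check(host, cert_der)
    if verdict == "match":
        return "connected", fp
    if verdict == "mismatch":
        return "rejected-mismatch", fp   # known host, different certificate
    return "aborted-unknown", fp         # unknown host: abort, do not ask here

def connect(host, server, store, ask_user):
    """server() returns the certificate presented for one handshake attempt.
    ask_user(host, fingerprint) runs only between handshakes."""
    status, fp = handshake(host, server(), store)
    if status != "aborted-unknown":
        return status
    if not ask_user(host, fp):
        return "declined"                # nothing is stored on refusal
    store.pins[host] = fp                # pin exactly what the user was shown
    # Retry is a fresh handshake: the presented certificate is checked again,
    # so a different certificate on the second attempt is rejected.
    return handshake(host, server(), store)[0]

if __name__ == "__main__":
    store = PinStore()
    print(connect("mail.example.org", lambda: CERT_A, store, lambda h, f: True))
    print(connect("mail.example.org", lambda: CERT_B, store, lambda h, f: True))
```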