From: Chong Yidong
Newsgroups: gmane.emacs.devel
Subject: Re: Emacs core TLS support
Date: Fri, 13 Aug 2010 11:57:45 -0400
Message-ID: <87zkwqijye.fsf@stupidchicken.com>
References: <878wc1vfh3.fsf@lifelogs.com> <87r5ptpnz2.fsf@stupidchicken.com> <871vhsvkut.fsf@lifelogs.com> <87d41csktn.fsf@lifelogs.com> <87k4v0n0m8.fsf@lifelogs.com> <87wrrvfnc4.fsf@lifelogs.com> <87r5i2d00q.fsf@lifelogs.com>
To: Ted Zlatanov
Cc: emacs-devel@gnu.org
In-Reply-To: <87r5i2d00q.fsf@lifelogs.com> (Ted Zlatanov's message of "Fri, 13 Aug 2010 10:07:17 -0500")

Hi Ted,

Thanks for bringing up the patch again. I haven't read it closely, but here are some initial remarks and questions:

Ted Zlatanov writes:

> + do {
> + rtnval = gnutls_read( state, buf, nbyte);
> + printf("read %d bytes\n", rtnval);
> + } while( rtnval==GNUTLS_E_INTERRUPTED || rtnval==GNUTLS_E_AGAIN);

You should use the GNU style here.

> +DEFUN ("gnutls-init", Fgnutls_init, Sgnutls_init, 2, 2, 0,
> + doc: /* Initializes GNU TLS for process PROC for use as CONNECTION-END.

This should be "Initialize" instead of "Initializes".

In general, this docstring is not very informative. I have not been following this patch closely; just from reading the docstring, I'm not sure what gnutls-init is supposed to do. I assume that it means that, once it is called, all data sent from Emacs to the process PROC, and vice versa, will be encrypted using the GnuTLS library. Is that right? Does `gnutls-handshake' need to be called before, or after, this? What happens if you try to send data to PROC before `gnutls-handshake'? These issues should be explained in the docstring.

More generally, why do we need a separate `gnutls-init' call, instead of making `gnutls-handshake' and other functions automatically enable GnuTLS functionality for the process?

> +DEFUN ("gnutls-deinit", Fgnutls_deinit, Sgnutls_deinit, 1, 1, 0,

I think this should be called `gnutls-stop' or something like that; "deinit" is not a proper word. Maybe rename `gnutls-init' to `gnutls-start'.

> +DEFUN ("gnutls-global-init", Fgnutls_global_init,
> + Sgnutls_global_init, 0, 0, 0,
> + doc: /* Initializes global GNU TLS state to defaults.
> +Call `gnutls-global-deinit' when GNU TLS usage is no longer needed.
> +Returns zero on success. */)

This is again not very informative. Does it mean that it is equivalent to calling `gnutls-init' on every process by default?

> +DEFUN ("gnutls-global-deinit", Fgnutls_global_deinit,

Again, "deinit" should not be used.

> +DEFUN ("gnutls-protocol-set-priority", Fgnutls_protocol_set_priority,
> + Sgnutls_protocol_set_priority, 1, MANY, 0,
> + doc: /* Sets the priority on the protocol versions supported by GNU TLS for PROCESS.
> +The first parameter must be a process. Subsequent parameters should
> +be integers. Priority is higher for protocols specified before

Use the word "argument" instead of "parameter". Also, there is some formatting mix-up in this and other docstrings.
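Review bot: the `printf("read %d bytes\n", rtnval);` inside the retry loop of the gnutls_read hunk writes unconditional debugging output to stdout on every read and should be removed or put behind a debug flag before this goes into Emacs. The same loop re-calls gnutls_read immediately whenever it returns GNUTLS_E_AGAIN, with no wait on the descriptor, so on a non-blocking socket it busy-spins until data arrives; retrying in place only on GNUTLS_E_INTERRUPTED and returning to the caller (or waiting for readability) on GNUTLS_E_AGAIN would avoid that.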
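Review bot: the docstring in the gnutls-init hunk names CONNECTION-END but never says which values it accepts or what the function returns, and since the signature is `2, 2, 0` both arguments are mandatory; the docstring should list the accepted values for CONNECTION-END and state what is returned on success and on failure.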
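Review bot: the gnutls-global-init docstring tells the caller to use `gnutls-global-deinit' when GNU TLS is no longer needed, but it does not say what happens if gnutls-global-init is called twice from Lisp, or if gnutls-global-deinit is called while a process set up with gnutls-init is still active; either document that the pair is idempotent/reference-counted or add a guard in the code, and "Returns zero on success" should also say what is returned on failure.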
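Review bot: the gnutls-protocol-set-priority hunk takes the protocol versions as bare integers ("Subsequent parameters should be integers") without saying which integers are valid or where a Lisp caller obtains them; accepting symbolic names, or at least documenting the accepted values, would keep callers from hard-coding library constants. The signature `1, MANY, 0` also permits a call with only the process and no protocol arguments, and the docstring should say what that case does.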