From: Nikos Mavrogiannopoulos
Newsgroups: gmane.emacs.devel, gmane.comp.encryption.gpg.gnutls.devel
Subject: Re: Emacs core TLS support
Date: Wed, 15 Sep 2010 14:13:57 +0200
To: Ted Zlatanov
Cc: gnutls-devel@gnu.org, emacs-devel@gnu.org
In-Reply-To: <87d3sf9soo.fsf@lifelogs.com>
2010/9/15 Ted Zlatanov:
> NM> I cannot look at the patch but the example you are looking for is:
> NM> http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-X_002e509-certificate-support.html#Simple-client-example-with-X_002e509-certificate-support
> NM> to do the connection, and this one to verify the certificate:
> NM> http://www.gnu.org/software/gnutls/manual/html_node/Verifying-peer_0027s-certificate.html#Verifying-peer_0027s-certificate
>
> Thanks for your help.  I am still a little lost though :)
>
> Can you give a specific command line that would start gnutls-serv so the
> simple client (ex-client2.c) you reference will connect to it?  If
> that's not possible, is there a way to augment ex-client2.c so it
> connects to an invocation of gnutls-serv without building all the
> gnutls-cli (cli.c, etc.) infrastructure?

Use/check the gnutls-http-serv script in doc/credentials. It sets up a
server with a certificate, ready for testing. If the server doesn't have
a certificate it wouldn't be able to fully operate.

> NM> GNUTLS_E_AGAIN is returned only if the transport layer function
> NM> (recv/send) returns -1 and EAGAIN. Usually this is normal behavior and is
> NM> enough to loop around them. Do you use non-blocking IO?
>
> Ah, thanks for the hint.  All the GnuTLS source code (e.g. the
> do_handshake() function in cli.c) keeps looping forever as long as
> GNUTLS_E_AGAIN is returned.  That seems dangerous regardless of the
> underlying mechanism because we don't want to lock up Emacs waiting for
> a connection, but OTOH there's no other way to know if the handshake is
> done.  I limited it to 25000 times (used to be 25) in my patch.  Is that
> a reasonable limit?  Should I base it on time elapsed?
>
> With a limit of 25K and by checking `gnutls-error-fatalp' which calls
> `gnutls_error_is_fatal', the handshake succeeds after 1250 tries against
> a remote SSL server. So now against that server I get:

Maybe a time limit would be more reasonable, but it depends on the
context. Why would you use non-blocking IO in that case?

regards,
Nikos
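A deadline-based handshake retry loop in the spirit of the reply above (a time budget instead of a fixed 25000-iteration cap), written here as an added example; it is not code from this thread, from Emacs or from GnuTLS. The return-code constants carry the real GnuTLS values, but the step/wait/clock callbacks and the `fake_*` driver are constructed stand-ins so it builds and runs without the library; in real use `step` would call `gnutls_handshake()`, `wait` would poll the socket in the direction `gnutls_record_get_direction()` reports, and any code other than success would be passed to `gnutls_error_is_fatal()`.

```c
/* Real GnuTLS return codes (values as in <gnutls/gnutls.h>), defined here so
 * the example builds without the library. HS_E_TIMEOUT is our own code. */
#define GNUTLS_E_SUCCESS       0
#define GNUTLS_E_AGAIN       (-28)
#define GNUTLS_E_INTERRUPTED (-52)
#define HS_E_TIMEOUT          (-1)   /* hypothetical: time budget exhausted */

/* Callbacks: in production they wrap gnutls_handshake(), poll() on the
 * socket, and a monotonic clock; here they are driven by a fake. */
typedef int  (*hs_step_fn)(void *ctx);
typedef int  (*hs_wait_fn)(void *ctx, long ms);   /* <0: socket never ready */
typedef long (*hs_clock_fn)(void *ctx);           /* milliseconds */

struct hs_stats { long attempts; };

/* Retry the handshake until it completes, returns a code other than a
 * would-block one (the caller then consults gnutls_error_is_fatal()),
 * or budget_ms of wall-clock time has elapsed. Between attempts the loop
 * waits for socket readiness, so it neither spins nor blocks forever. */
int handshake_with_deadline(hs_step_fn step, hs_wait_fn wait, hs_clock_fn now,
                            void *ctx, long budget_ms, struct hs_stats *st)
{
    long deadline = now(ctx) + budget_ms;
    st->attempts = 0;
    for (;;) {
        int rc = step(ctx);
        st->attempts++;
        if (rc != GNUTLS_E_AGAIN && rc != GNUTLS_E_INTERRUPTED)
            return rc;                    /* success or a real error */
        long left = deadline - now(ctx);
        if (left <= 0 || wait(ctx, left) < 0)
            return HS_E_TIMEOUT;
    }
}

/* Constructed test double: reports GNUTLS_E_AGAIN `pending` times, then
 * success; the clock advances tick_ms per read so a budget can be
 * exhausted deterministically. */
struct fake { int pending; long clock; long tick_ms; };
static int  fake_step(void *c)  { struct fake *f = c; return f->pending-- > 0 ? GNUTLS_E_AGAIN : GNUTLS_E_SUCCESS; }
static int  fake_wait(void *c, long ms) { (void)c; (void)ms; return 0; }
static long fake_clock(void *c) { struct fake *f = c; f->clock += f->tick_ms; return f->clock; }

/* Run the loop against the fake; returns the loop's result, attempts in *st. */
int demo(int pending, long tick_ms, long budget_ms, struct hs_stats *st)
{
    struct fake f = { pending, 0, tick_ms };
    return handshake_with_deadline(fake_step, fake_wait, fake_clock, &f, budget_ms, st);
}
```

With a generous budget the 1250 would-block results from the thread are absorbed and the handshake completes; with a 1 s budget and a slow clock the loop gives up after 100 attempts instead of looping forever.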