From: Richard Stallman
Newsgroups: gmane.emacs.devel
Subject: Re: url-retrieve-synchronously randomly fails on https URLs (patch included)
Date: Fri, 02 Nov 2007 11:02:42 -0400
Reply-To: rms@gnu.org
To: emacs-devel@gnu.org
Cc: jas@extundo.com

Would someone please install this patch by Riccardo Murri into Emacs 22?
And then ack?

Simon, would you please add comments near the code in GNUtls that
outputs these messages, telling people to watch out for the need for
Emacs to detect the last part of the messages?

* (tls-end-of-info): New variable.
* (open-tls-stream): Keep reading input until `tls-end-of-info' is matched.

--
Riccardo Murri, via Galeazzo Alessi 61, 00176 Roma

--- src/emacs22/lisp/net/tls.el 2007-08-05 21:06:12.000000000 +0200 +++ emacs/lisp/tls.el 2007-10-29 19:17:33.000000000 +0100 @@ -51,6 +51,9 @@ (autoload 'format-spec "format-spec") (autoload 'format-spec-make "format-spec")) +(eval-when-compile + (require 'rx)) ; for writing readable regexps + (defgroup tls nil "Transport Layer Security (TLS) parameters." :group 'comm)
@@ -89,6 +92,40 @@ :type 'string :group 'tls) +(defcustom tls-end-of-info + (rx + (or + ;; `openssl s_client` regexp + (sequence + ;; see ssl/ssl_txt.c lines 219--220 + line-start + " Verify return code: " + (one-or-more not-newline) + "\n" + ;; according to apps/s_client.c line 1515 this is always the last + ;; line that is printed by s_client before the real data + "---\n") + + ;; `gnutls` regexp + (sequence + ;; see src/cli.c lines 721-- + (sequence line-start "- Simple Client Mode:\n") + (zero-or-more + (or + "\n" ; ignore blank lines + ;; XXX: we have no way of knowing if the STARTTLS handshake + ;; sequence has completed successfully, because `gnutls` will + ;; only report failure. + (sequence line-start "\*\*\* Starting TLS handshake\n")))))) + "Regexp matching end of TLS client informational messages. +Client data stream begins after the last character matched by this. + +The default matches `openssl s_client' (version 0.9.8c) and +`gnutls-cli' (version 2.0.1) output." + :version "22.1" + :type 'regexp + :group 'tls) + (defun tls-certificate-information (der) "Parse X.509 certificate in DER format into an assoc list." (let ((certificate (concat "-----BEGIN CERTIFICATE-----\n" @@ -130,6 +167,8 @@ process cmd done) (if use-temp-buffer (setq buffer (generate-new-buffer " TLS"))) + (save-excursion + (set-buffer buffer) (message "Opening TLS connection to `%s'..." host) (while (and (not done) (setq cmd (pop cmds))) (message "Opening TLS connection with `%s'..." cmd) 
@@ -146,19 +185,34 @@ port))))) (while (and process (memq (process-status process) '(open run)) - (save-excursion - (set-buffer buffer) ;; XXX "blue moon" nntp.el bug + (progn (goto-char (point-min)) (not (setq done (re-search-forward tls-success nil t))))) (unless (accept-process-output process 1) (sit-for 1))) (message "Opening TLS connection with `%s'...%s" cmd (if done "done" "failed")) - (if done - (setq done process) - (delete-process process)))) + (if (not done) + (delete-process process) + ;; advance point to after all informational messages that + ;; `openssl s_client' and `gnutls' print + (let ((start-of-data nil)) + (while + (not (setq start-of-data + ;; the string matching `tls-end-of-info' + ;; might come in separate chunks from + ;; `accept-process-output', so start the + ;; search where `tls-success' ended + (save-excursion + (if (re-search-forward tls-end-of-info nil t) + (match-end 0))))) + (accept-process-output process 1)) + (if start-of-data + ;; move point to start of client data + (goto-char start-of-data))) + (setq done process)))) (message "Opening TLS connection to `%s'...%s" - host (if done "done" "failed")) + host (if done "done" "failed"))) (when use-temp-buffer (if done (set-process-buffer process nil)) (kill-buffer buffer))
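
Review bot: In the `tls-end-of-info` hunk (@@ -89,6 +92,40 @@), the gnutls branch ends in `(zero-or-more ...)`, which can match nothing, so the regexp already succeeds as soon as "- Simple Client Mode:\n" has arrived. If the blank lines or the "*** Starting TLS handshake" line come in a later chunk from `accept-process-output`, they are left after point and read as client data, which is the same chunking failure the patch sets out to fix. Consider ending that branch on text that must be present, or accepting more output before trusting the match. Separately, rx matches string arguments literally, so `"\*\*\* Starting TLS handshake\n"` needs no backslashes; `"*** Starting TLS handshake\n"` says the same thing without suggesting regexp escaping.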
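
Review bot: The `(save-excursion (set-buffer buffer)` opened in the @@ -130,6 +167,8 @@ hunk now encloses the later `(goto-char start-of-data)`, so when `buffer` is already the current buffer at the time `open-tls-stream` is called, point is restored on exit and the move to the start of client data is lost. The result then depends on which buffer the caller happens to be in. Using `(with-current-buffer buffer ...)` here, which restores the current buffer but not point, would make the final position of point the same in both cases; the docstring should also say that point is left after the informational messages.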
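
Review bot: The inner `while` in the @@ -146,19 +185,34 @@ hunk that waits for `tls-end-of-info` has no exit other than a match: unlike the outer loop it never tests `(memq (process-status process) '(open run))`, so if the client exits early or prints output the regexp does not cover, the caller loops forever on `(accept-process-output process 1)`. Add the process-status test to the loop condition, preferably with a bound on the total wait, and delete the process and report failure when `start-of-data` is still nil afterwards. As written, the `(if start-of-data ...)` check after the loop can never be false.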