From: Andreas Schwab
Newsgroups: gmane.emacs.devel,gmane.comp.encryption.gpg.gnutls.devel
Subject: Re: Emacs core TLS support
Date: Sun, 05 Sep 2010 10:06:09 +0200
To: Ted Zlatanov
Cc: gnutls-devel@gnu.org, emacs-devel@gnu.org
In-Reply-To: <8762yklrdk.fsf@lifelogs.com> (Ted Zlatanov's message of "Sat, 04 Sep 2010 23:57:11 -0500")

Ted Zlatanov writes: > +int > +emacs_gnutls_write (int fildes, gnutls_session_t state, char *buf, > + unsigned int nbyte) > +{ > + register int rtnval, bytes_written; > + > + puts("emacs_gnutls_write"); You should remove the debugging output. > +DEFUN ("gnutls-init", Fgnutls_init, Sgnutls_init, 2, 2, 0, > + doc: /* Initializes GNU TLS for process PROC for use as CONNECTION-END. > +CONNECTION-END is used to indicate if this process is as a server or > +client. Can be one of `gnutls-client' and `gnutls-server'. Currently > +only `gnutls-client' is supported. > + > +Processes must be initialized with this function before other GNU TLS > +functions are used. 
This function allocates resources which can only > +be deallocated by calling `gnutls-deinit'. Returns zero on success. */) > + (Lisp_Object proc, Lisp_Object connection_end) > +{ > + int ret; > + > + CHECK_PROCESS (proc); > + > + ret = gnutls_init((gnutls_session_t*)&(XPROCESS(proc)->gnutls_state), Aliasing violation. > + connection_end); > + > + return XINT(ret); IMHO all your functions should return t on success and either some error symbol on failure or even raise an error. > +DEFUN ("gnutls-cred-set", Fgnutls_cred_set, > + Sgnutls_cred_set, 2, 2, 0, > + doc: /* Enables GNU TLS authentication for PROCESS. > +TYPE is an integer indicating the type of the credentials, either > +`gnutls-anon', `gnutls-srp' or `gnutls-x509pki'. > + > +Each authentication type may need additional information in order to > +work. For anonymous (`gnutls-anon'), see also > +`gnutls-anon-set-client-cred'. For SRP (`gnutls-srp'), see also > +`gnutls-srp-set-client-cred'. For X.509 PKI (`gnutls-x509pki'), see > +also `gnutls-x509pki-set-client-trust-file', > +`gnutls-x509pki-set-client-key-file', and > +`gnutls-x509pki-set-cert-callback'. */) > + (Lisp_Object proc, Lisp_Object type) > +{ > + gnutls_session_t state; > + gnutls_certificate_credentials_t x509_cred; > + gnutls_anon_client_credentials_t anon_cred; > + gnutls_srp_client_credentials_t srp_cred; > + int ret; > + > + CHECK_PROCESS (proc); > + state = (gnutls_session_t) XPROCESS(proc)->gnutls_state; > + > + x509_cred = (gnutls_certificate_client_credentials) XPROCESS(proc)->x509_cred; > + anon_cred = (gnutls_anon_client_credentials_t) XPROCESS(proc)->anon_cred; > + srp_cred = (gnutls_srp_client_credentials_t) XPROCESS(proc)->srp_cred; > + > + switch (XINT (type)) Need to check type. 
> + return XINT(ret); return make_number (ret); > + // defsubr (&Sgnutls_x509pki_set_client_key_file); > + // defsubr (&Sgnutls_x509pki_set_client_trust_file); > + // defsubr (&Sgnutls_srp_set_client_cred); > + // defsubr (&Sgnutls_anon_set_client_cred); No C99. > === added file 'src/gnutls.h' > --- src/gnutls.h 1970-01-01 00:00:00 +0000 > +++ src/gnutls.h 2010-09-05 04:42:32 +0000 > @@ -0,0 +1,4 @@ > +#ifdef HAVE_GNUTLS > +#include > + > +#endif I don't see the point of this header. > === modified file 'src/process.h' > --- src/process.h 2010-08-11 12:34:46 +0000 > +++ src/process.h 2010-09-05 04:42:32 +0000 > @@ -121,6 +121,14 @@ > needs to be synced to `status'. */ > unsigned int raw_status_new : 1; > int raw_status; > + > +#ifdef HAVE_GNUTLS > + /* XXX Store GNU TLS state and auth mechanisms in Lisp_Objects. */ > + Lisp_Object gnutls_state; > + Lisp_Object x509_cred, x509_callback; > + Lisp_Object anon_cred; > + Lisp_Object srp_cred; > +#endif None of them should be Lisp_Objects. Also make sure the resources are properly released when the process object is deleted. Andreas. -- Andreas Schwab, schwab@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different."
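
Review bot: In emacs_gnutls_write the length parameter is unsigned int nbyte while the counters are register int rtnval, bytes_written and the function returns int, so a length above INT_MAX cannot be represented in bytes_written or in the return value, and any comparison between the count and nbyte mixes signed and unsigned operands. Use one width for the length and the running count, keep a signed return type only for the error indication, and declare buf as const char * since a write path has no reason to modify the caller's buffer.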
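
Review bot: In gnutls-init, connection_end is a Lisp_Object and is passed to gnutls_init unchanged, although the docstring documents it as one of the symbols `gnutls-client' or `gnutls-server' and says only the client end is supported. Validate the argument and map it to the corresponding C constant before the call, signalling an error for anything else (including the server end while it is unsupported), so that an arbitrary Lisp value never reaches the library as the connection-end argument.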
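
Review bot: The gnutls-cred-set docstring calls TYPE an integer and then describes it as one of the symbols `gnutls-anon', `gnutls-srp' or `gnutls-x509pki', and it names the first argument PROCESS while the C parameter is proc. Pick one representation for TYPE and document it consistently with the argument names. The docstring also refers readers to gnutls-x509pki-set-client-trust-file, gnutls-x509pki-set-client-key-file, gnutls-srp-set-client-cred and gnutls-anon-set-client-cred, whose defsubr lines are commented out at the end of the file, so either register those functions or drop the references until they exist.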
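
Review bot: The new src/gnutls.h is four lines long (@@ -0,0 +1,4 @@), so it has no include guard and no copyright or license notice. If the header stays, add both, and give it content that callers need, such as the prototype for emacs_gnutls_write, so that it does more than wrap one conditional include.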
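
Review bot: In the src/process.h hunk the session and credential fields are declared as Lisp_Object, but gnutls-init takes the address of gnutls_state and casts it to gnutls_session_t *, and gnutls-cred-set casts x509_cred, anon_cred and srp_cred straight to GnuTLS credential types, so these slots hold raw library pointers and not Lisp values. Declare them with their real GnuTLS types so the casts disappear, resolve the XXX comment before committing, and initialize the fields to a known empty value when the process is created so that cleanup code can tell whether a session or credential set was ever allocated.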