unofficial mirror of bug-guile@gnu.org 
From: ludo@gnu.org (Ludovic Courtès)
To: Christopher Allan Webber <cwebber@dustycloud.org>
Cc: 24075@debbugs.gnu.org
Subject: bug#24075: tls/https support in Guile (through r6rs binary ports?)
Date: Sat, 05 Nov 2016 20:02:32 +0100	[thread overview]
Message-ID: <87fun56987.fsf@gnu.org> (raw)
In-Reply-To: <87r36p6aaz.fsf@dustycloud.org> (Christopher Allan Webber's message of "Sat, 05 Nov 2016 13:39:16 -0500")

Hi!

Christopher Allan Webber <cwebber@dustycloud.org> skribis:

> From d4def07779c5532ffc6b7ee13820919bc23d1811 Mon Sep 17 00:00:00 2001
> From: Christopher Allan Webber <cwebber@dustycloud.org>
> Date: Thu, 17 Sep 2015 15:14:54 -0500
> Subject: [PATCH] web: Add https support through gnutls.
>
> Since importing gnutls directly would result in a dependency cycle,
> we load gnutls lazily.
>
> This uses code originally written for Guix by Ludovic
>
> * module/web/client.scm: (%http-receive-buffer-size)
>   (warn-no-gnutls-return-false, gnutls-module, ensure-gnutls)
>   (gnutls-ref, tls-wrap): New variables.
>   (open-socket-for-uri): Wrap in tls when uri scheme is https.

Woohoo, cool!

> +(define (ensure-gnutls)
> +  (if (not (force gnutls-module))
> +      (throw 'gnutls-not-available "(gnutls) module not available")))
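
Review bot: `ensure-gnutls` is a one-armed `if` with no else branch, so its value is unspecified when the module is present; `(unless (force gnutls-module) (throw 'gnutls-not-available ...))` says what is meant and is the idiom used elsewhere in Guile for side-effecting checks. It would also help to name the `'gnutls-not-available` key in the docstring, since callers of `open-socket-for-uri` need to know what to catch.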

I wonder if this is the right exception, but I can’t think of anything
better (there’s no generic “not supported” exception I think; (throw
'system-error … ENOSYS) would do that but it’s too vague.)

> +(define (gnutls-ref symbol)
> +  "Fetch method-symbol from the gnutls module"
> +  (module-ref (force gnutls-module) symbol))
> +
>  (define current-http-proxy
>    (make-parameter (let ((proxy (getenv "http_proxy")))
>                      (and (not (equal? proxy ""))
>                           proxy))))
>  
> +(define (tls-wrap port server)
> +  "Return PORT wrapped in a TLS connection to SERVER.  SERVER must be a DNS
> +host name without trailing dot."
> +  (define (log level str)
> +    (format (current-error-port)
> +            "gnutls: [~a|~a] ~a" (getpid) level str))
> +
> +  (ensure-gnutls)
> +
> +  (let ((session ((gnutls-ref 'make-session)
> +                  (gnutls-ref 'connection-end/client))))
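
Review bot: `gnutls-ref` does `(module-ref (force gnutls-module) symbol)` without going through `ensure-gnutls`, so any caller that reaches it before `tls-wrap` has run gets a `module-ref` error on `#f` instead of the `'gnutls-not-available` exception this patch introduces; either call `(ensure-gnutls)` inside `gnutls-ref` or document that it must only be used after it. The docstring also refers to "method-symbol" while the parameter is `symbol`; Guile convention is "Fetch SYMBOL from the (gnutls) module."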

What about leaving the ‘ensure-gnutls’ call and then simply using the
GnuTLS symbols directly, relying on autoloading, as in (guix build
download)?

--8<---------------cut here---------------start------------->8---
;; Autoload GnuTLS so that this module can be used even when GnuTLS is
;; not available.  At compile time, this yields "possibly unbound
;; variable" warnings, but these are OK: we know that the variables will
;; be bound if we need them, because (guix download) adds GnuTLS as an
;; input in that case.

;; XXX: Use this hack instead of #:autoload to avoid compilation errors.
;; See <http://bugs.gnu.org/12202>.
(module-autoload! (current-module)
                  '(gnutls) '(make-session connection-end/client))
--8<---------------cut here---------------end--------------->8---

That would lead to more concise and slightly more efficient code, and I
think it would still work as expected in the absence of (gnutls).

WDYT?

> +      (define (read! bv start count)
> +        (define read-bv (get-bytevector-n record count))
> +        (define read-bv-len (bytevector-length read-bv))
> +        (bytevector-copy! read-bv 0 bv 0 read-bv-len)
> +        read-bv-len)
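
Review bot: `read!` copies into `bv` at offset 0 rather than at `start`: the custom-port layer passes START as the position in BV where the new bytes must be written, so writing at 0 overwrites whatever the port already holds whenever START is non-zero. Suggest `(bytevector-copy! read-bv 0 bv start read-bv-len)`. Together with the EOF case noted above, the body needs an `eof-object?` branch that returns 0 before `bytevector-length` is applied to the result of `get-bytevector-n`.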

Beware: ‘get-bytevector-n’ can return the EOF object instead of a
number, so you need to check for that.  (Conversely, ‘read!’ needs to
return 0 to indicate EOF.)

> +  (define (open-socket)
> +    (let loop ((addresses addresses))

Or just “(define sock …”.

Otherwise works for me!

Could you document HTTPS support in the doc of ‘open-socket-for-uri’
(info "(guile) Web Client")?  Probably with something like:

  @xref{Guile Preparations,
  how to install the GnuTLS bindings for Guile,, gnutls-guile,
  GnuTLS-Guile}, for more information.

Thank you Chris!

Ludo’.
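The two `read!` points discussed in this message (the EOF object coming back from `get-bytevector-n`, and the bytes landing at `start` rather than at 0) written out as a runnable Guile custom binary input port. This is an added example, not code from the patch or from this thread; it substitutes a plain bytevector input port for the GnuTLS record port so it runs without (gnutls), and the `make-forwarding-input-port` name and the sample bytes are constructed here.

```scheme
;; Added example (not from the patch): a custom binary input port whose
;; read! forwards to an underlying port RECORD, handling EOF and START.
(use-modules (rnrs bytevectors)
             (ice-9 binary-ports))

(define (make-forwarding-input-port record)
  "Return a custom binary input port reading from RECORD.  In the patch
RECORD would be the GnuTLS record port; here it is any binary input port."
  (define (read! bv start count)
    ;; get-bytevector-n returns the EOF object, not a bytevector, once the
    ;; underlying port is exhausted; a custom port's read! must report that
    ;; as 0 bytes read rather than calling bytevector-length on it.
    (let ((chunk (get-bytevector-n record count)))
      (if (eof-object? chunk)
          0
          (let ((len (bytevector-length chunk)))
            ;; Copy into BV at START, the offset the port layer asked for,
            ;; so bytes already buffered before START are not overwritten.
            (bytevector-copy! chunk 0 bv start len)
            len))))
  (define (close)
    (close-port record))
  ;; get-position and set-position! are left as #f: the port is not seekable.
  (make-custom-binary-input-port "forwarding" read! #f #f close))

;; Constructed sample input standing in for decrypted TLS application data.
(define sample (string->utf8 "HTTP/1.1 200 OK\r\n\r\nhello"))

(define port (make-forwarding-input-port (open-bytevector-input-port sample)))

;; First read takes a few bytes; the second drains the port, which ends
;; only because read! returns 0 at EOF instead of raising.
(define status-prefix (get-bytevector-n port 8))
(define remainder     (get-bytevector-all port))

(display (utf8->string status-prefix)) (newline)
(display (utf8->string remainder))     (newline)
(close-port port)
```

Reading `remainder` with `get-bytevector-all` is the useful check: it keeps calling `read!` until it gets 0, so a `read!` that lets the EOF object through would fail here with a type error instead of terminating.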


Thread overview: 12+ messages
2016-07-26 15:55 bug#24075: tls/https support in Guile (through r6rs binary ports?) Christopher Allan Webber
2016-08-04 20:37 ` Andy Wingo
2016-08-21 15:58   ` Christopher Allan Webber
2016-11-05 18:39     ` Christopher Allan Webber
2016-11-05 19:02       ` Ludovic Courtès [this message]
2016-11-06 17:37         ` Christopher Allan Webber
2016-11-06 21:13           ` Ludovic Courtès
2016-11-07 18:14             ` Christopher Allan Webber
2016-11-07 20:13               ` Ludovic Courtès
2016-11-06 18:32         ` Christopher Allan Webber
2016-11-06 21:06           ` Ludovic Courtès
2016-11-07  4:40             ` Christopher Allan Webber
