emacs-devel

Re: [PATCH] GnuTLS support on Woe32


From: Ted Zlatanov
Subject: Re: [PATCH] GnuTLS support on Woe32
Date: Wed, 23 Mar 2011 10:23:42 -0500
User-agent: Gnus/5.110016 (No Gnus v0.16) Emacs/24.0.50 (gnu/linux)

On Tue, 22 Mar 2011 21:20:21 -0400 Stefan Monnier <address@hidden> wrote: 

>> Because of the way SSL and TLS work, the connection may start out
>> unencrypted and the upgrade is sort of opportunistic.  So we don't know
>> in advance if we'll need the `gnutls-hostname'.

SM> I must be missing something: the code seems to read `gnutls-hostname'
SM> right after reading the keyword arguments, so it behaves just like
SM> a keyword argument AFAICT.  And the caller of gnutls-boot seems to set
SM> it just before calling gnutls-negotiate/gnutls-boot so it seems that
SM> from the caller's POV it could also be replaced by an additional
SM> argument to gnutls-boot/negotiate.

Oh, and it was buggy too :)  Sorry for putting up crappy code but I
honestly thought it was a good approach at the time.  The latest patch
("revised 2011-03-23" posted this morning) does it better, simply using
an extra :hostname parameter to `gnutls-negotiate'.

Thanks for explaining about `process-put' and `process-get' (which I had
completely forgotten).  I appreciate your patience.

>> Sorry this patch is getting so large.  I'll try to fix all the issues
>> ASAP.  We need Claudio Bley's papers too, right?

SM> I don't know, I haven't tracked what comes from where.

The ChangeLog diffs (appended) explain:

- Claudio and I worked on src/gnutls.c and lisp/net/gnutls.el; my work
  was to add callback support (though it is unused yet at the C level)
  and certificate and hostname verification.

- Claudio did everything else (W32 support plus some bug fixes)

The only remaining annoyance for me is that Claudio's code does logging
in a non-standard way, ignoring `gnutls-log-level', so thousands of
warnings get logged while the connection is being retried.  I mentioned
that to him and I'll see that it's fixed before this patch goes in.

Ted

=== modified file 'lib-src/ChangeLog'
--- lib-src/ChangeLog   2011-03-12 19:19:47 +0000
+++ lib-src/ChangeLog   2011-03-22 17:49:45 +0000
@@ -1,3 +1,7 @@
+2011-03-06  Claudio Bley  <address@hidden>
+
+       * makefile.w32-in (obj): Added gnutls.o.
+
 2011-03-03  Drake Wilson  <address@hidden>  (tiny change)
 
        * emacsclient.c (longopts): Add quiet.
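
Review bot: "Added gnutls.o." in the new makefile.w32-in entry is in the past tense, while the neighbouring entry in this file uses the imperative ("Add quiet."). Suggest "* makefile.w32-in (obj): Add gnutls.o." so the entry matches the file's existing style.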

=== modified file 'lisp/ChangeLog'
--- lisp/ChangeLog      2011-03-22 15:38:40 +0000
+++ lisp/ChangeLog      2011-03-22 17:50:32 +0000
@@ -1,3 +1,18 @@
+2011-03-22  Teodor Zlatanov  <address@hidden>
+
+       * net/gnutls.el (gnutls-hostname): New buffer-local variable for
+       hostname verification.
+       (gnutls-negotiate): Add verify-flags, verify-error, and
+       verify-hostname-error.
+       (open-gnutls-stream): Add usage example.
+
+2011-03-22  Claudio Bley  <address@hidden>
+
+       * net/gnutls.el (gnutls-negotiate): Check whether default
+       trustfile exists before going to use it. Add missing argument to
+       gnutls-message-maybe call. Return return value.
+
+
 2011-03-22  Leo Liu  <address@hidden>
 
        * abbrev.el (write-abbrev-file): Use utf-8 for writing if it can
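
Review bot: The 2011-03-22 net/gnutls.el entry still records `gnutls-hostname' as a new buffer-local variable for hostname verification, but the message above says the revised patch replaces that with an extra :hostname parameter to `gnutls-negotiate'. The entry should describe the :hostname parameter instead, so the log matches what is actually committed. In Claudio's entry, "Return return value." does not say which value is returned, and the hunk leaves two blank lines before the Leo Liu entry where one is expected.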

=== modified file 'nt/ChangeLog'
--- nt/ChangeLog        2011-03-12 19:19:47 +0000
+++ nt/ChangeLog        2011-03-22 17:49:45 +0000
@@ -1,3 +1,10 @@
+2011-03-06  Claudio Bley  <address@hidden>
+
+       * configure.bat: New options --without-gnutls and --lib, new build
+       variable USER_LIBS, automatically detect GnuTLS.
+       * INSTALL: Add instructions for GnuTLS support.
+       * gmake.defs: Prefix USER_LIB's with -l.
+
 2011-02-27  Eli Zaretskii  <address@hidden>
 
        * inc/unistd.h (readlink, symlink): Declare prototypes.
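
Review bot: The gmake.defs line writes "USER_LIB's" while the configure.bat line two above names the build variable USER_LIBS. Spell the variable the same way in both places, for example "Prefix the entries of USER_LIBS with -l.", so a search for USER_LIBS finds every entry that touches it.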

=== modified file 'src/ChangeLog'
--- src/ChangeLog       2011-03-20 23:58:23 +0000
+++ src/ChangeLog       2011-03-22 17:49:45 +0000
@@ -1,3 +1,37 @@
+2011-03-22  Teodor Zlatanov  <address@hidden>
+
+       * gnutls.c: Renamed global_initialized to
+       gnutls_global_initialized.  Added internals for the
+       :verify-hostname-error, :verify-error, and :verify-flags
+       parameters of `gnutls-boot' and documented those parameters in the
+       docstring.  Start callback support.
+
+2011-03-20  Claudio Bley  <address@hidden>
+
+       * w32.h: (emacs_gnutls_pull): Add prototype.
+       (emacs_gnutls_push): Likewise.
+
+       * w32.c: (emacs_gnutls_pull): New function for GnuTLS on Woe32.
+       (emacs_gnutls_push): Likewise.
+
+       * process.c (wait_reading_process_output): Check if GnuTLS
+       buffered some data internally if no FDs are set for TLS
+       connections.
+
+       * makefile.w32-in (OBJ2): Add gnutls.$(O).
+       (LIBS): Link to USER_LIBS.
+       ($(BLD)/gnutls.$(0)): New target.
+
+       * gnutls.c (emacs_gnutls_handle_error): New function.
+       (wsaerror_to_errno): Likewise.
+       (emacs_gnutls_handshake): Add Woe32 support. Retry handshake
+       unless a fatal error occured. Call gnutls_alert_send_appropriate
+       on error. Return error code.
+       (emacs_gnutls_write): Call emacs_gnutls_handle_error.
+       (emacs_gnutls_read): Likewise.
+       (Fgnutls_boot): Return handshake error code.
+
+
 2011-03-20  Glenn Morris  <address@hidden>
 
        * config.in: Remove file.
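
Review bot: In the makefile.w32-in entry, "($(BLD)/gnutls.$(0))" has the digit 0 where the line two above it uses the letter O in "gnutls.$(O)"; it should read "$(BLD)/gnutls.$(O)". In the same hunk, "occured" should be "occurred", the "* w32.h:" and "* w32.c:" lines carry a stray colon between the file name and the parenthesised function name, and the 2011-03-22 gnutls.c entry uses the past tense ("Renamed", "Added") and names no functions in parentheses, unlike the entries below it. The message above also reports that logging during handshake retries ignores `gnutls-log-level'; once that is fixed, the emacs_gnutls_handshake or emacs_gnutls_handle_error entry should say so.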




