need help adding GnuTLS support to Emacs

Simon Josefsson simon at josefsson.org
Sat Aug 21 19:37:26 CEST 2010


Ted Zlatanov <tzz at lifelogs.com> writes:

> On Sat, 14 Aug 2010 01:53:02 +0200 Simon Josefsson <simon at josefsson.org> wrote: 
>
> SJ> Ted Zlatanov <tzz at lifelogs.com> writes:
>>> Thanks for your advice.  Attached is a revised version of the patch,
>>> rebased against today's Emacs.
>
> SJ> Nice work!
>
> SJ> It reminds me of the fun I had with similar ideas some time ago... see
> SJ> http://josefsson.org/securemacs/
>
> Simon, this *is* your patch! :)

That would explain why I recognized it. :-)

>>> +DEFUN ("gnutls-global-init", Fgnutls_global_init, 
>
> SJ> Do you really want to expose this function to elisp?  It is
> SJ> thread-unsafe.  It makes more sense if Emacs initialized the GnuTLS
> SJ> library on startup instead.
>
> Chong Yidong had the same question on the emacs-devel mailing list.  I
> was trying to keep your original patch mostly intact but I guess it can
> be done better.  I'll also put it all into gnutls.c instead of sending
> out patches to process.c.  I'll probably look at implementing a seamless
> "open stream" operation with all the options bundled in, instead of the
> "initialize, build, open" sequence that's familiar on the C side.

Sounds good.

>>> +DEFUN ("gnutls-protocol-set-priority", Fgnutls_protocol_set_priority, 
>>> +DEFUN ("gnutls-cipher-set-priority", Fgnutls_cipher_set_priority, 
>>> +DEFUN ("gnutls-compression-set-priority", Fgnutls_compression_set_priority, 
>
> SJ> Don't expose these deprecated APIs, instead just expose a
> SJ> gnutls-set-priority interface that takes a priority string.  It should
> SJ> be possible to specify all protocol/cipher/compression/MAC/etc variants
> SJ> using one simple string.
>
> I need to read up on GnuTLS.  Is there a particular example in the
> source that is best adapted to the Emacs use case (embedded, exposed
> through a secondary API, should handle as many options and errors as
> possible, could be a server or a client)?

Those APIs are deprecated and not needed any more.  They were
complicated to use, especially from non-C language bindings.  Just
remove all of them from C.

What you need to provide is an elisp function that takes a session and a
string and calls gnutls_priority_set_direct:

http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-set-direct

For string format see:

http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-init

Simple example code is here:
http://git.savannah.gnu.org/cgit/gnutls.git/tree/doc/examples/ex-client1.c

Calling this via elisp should be simple, I think.

> Yidong also had concerns about all the defconst's in the patch.  If we
> can use strings to specify options, that makes it much easier (although
> the Emacs Lisp side may still need work to assemble those options
> correctly).

With the above interface instead, just remove all the defconst's.

The string is something that should come from the elisp application, and
doesn't have to be provided by the gnutls.el file.  That's the beauty of
it.

/Simon
