Emacs core TLS support

Ted Zlatanov tzz at lifelogs.com
Mon Oct 4 05:42:43 CEST 2010


On Thu, 30 Sep 2010 12:10:22 +0200 Simon Josefsson <simon at josefsson.org> wrote: 

SJ> Ted Zlatanov <tzz at lifelogs.com> writes:
>>>> +PRIORITY-STRING is as per the GnuTLS docs.
>> 
SJ> Maybe there could be an info hyperlink here?
SJ> I was thinking of the Info manual.  Just a nit...

Generally I don't see Info links in the function docstrings.  It's
common to link to other functions, but I don't know about Info links.
Maybe someone more knowledgeable can say.

It's pretty unusual to use a priority string other than the default of
"NORMAL", right?  I think if we provide decent defaults, this will
rarely need to be checked and so it's not too important to provide live
links to a manual.

SJ> 2) The design makes it a bit difficult to support multiple
SJ> credentials.  The GnuTLS API allows clients to have several
SJ> credentials (X.509, OpenPGP, etc).

Do you think it's sensible to add the complexity of multiple
credentials?  It would make the current API much heavier.  Right now we
just have a credential type (anon or X.509) and a few options for
trust/keyfiles, etc.  Stacking multiple credentials could maybe work by
passing multiple plists, each with its own type, instead of just one, to
gnutls-boot.  But is that really a common scenario for a client?

>> As I mentioned earlier I think GnuTLS should consider further
>> extending the idea of priority strings to a full configuration
>> (credentials especially) in a single string or file.  That would make
>> using it so much easier from Emacs Lisp.

SJ> Hm.  Interesting, yes, it could do that.  I'm not sure it makes sense to
SJ> support at the C layer, but I'll think about it.

Thanks.  That would be very nice for talking to GnuTLS not only from
Emacs, but from Perl and other scripting languages and even from the
shell as well.

Ted




