Re: gnutls status - Ted Zlatanov

Gnus development mailing list
 help / color / mirror / Atom feed

From: Ted Zlatanov <tzz@lifelogs.com>
To: ding@gnus.org
Cc: emacs-devel@gnu.org
Subject: Re: gnutls status
Date: Tue, 01 Mar 2011 15:52:52 -0600	[thread overview]
Message-ID: <874o7mqzij.fsf@lifelogs.com> (raw)
In-Reply-To: <87tyigm04p.fsf@lifelogs.com>

[-- Attachment #1: Type: text/plain, Size: 1682 bytes --]

On Tue, 14 Dec 2010 16:59:34 -0600 Ted Zlatanov <tzz@lifelogs.com> wrote: 

TZ> On Fri, 26 Nov 2010 15:10:39 +0100 Lars Magne Ingebrigtsen <larsi@gnus.org> wrote: 
LMI> Is 2.10.x at least backwards-compatible, so that if we do implement the
LMI> complicated 2.8.x features, it'll continue to work in the future, too?

TZ> Yes.  They try really hard to keep backwards compatibility.  I'd guess
TZ> for all 2.x releases we'll be OK unless there's newer features we simply
TZ> must have :)

Argh, GnuTLS 2.8.x is still standard on Ubuntu 10.10, so practically we
should support it.  Below is my first (untested) patch to generate the
HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE and
HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY definitions in the configure.in
using AC_CHECK_FUNCS and then use them (currently just #ifdef
placeholders) in gnutls.c.  I plan to retrieve them from the :callbacks
alist parameter to `gnutls-boot'.

Regenerating "configure" failed for me.  I get this error at the end:

./configure: line 12620: gl_ASSERT_NO_GNULIB_POSIXCHECK: command not found
./configure: line 12621: gl_ASSERT_NO_GNULIB_TESTS: command not found
./configure: line 12622: gl_INIT: command not found
checking for lstat... yes
./configure: line 12648: syntax error near unexpected token `lstat'
./configure: line 12648: `gl_SYS_STAT_MODULE_INDICATOR(lstat)'

at the end.  But it gets far enough that I can tell the tests are being
run.  This is why the patch is untested; I'll see if I can figure out
why that's happening.  It may be an Ubuntu oddity.

Please let me know if the proposed approach is reasonable and if you
have any comments.  In theory this should be pretty trivial.

Thanks
Ted

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: callbacks.patch --]
[-- Type: text/x-diff, Size: 2684 bytes --]

=== modified file 'configure.in'
--- configure.in	2011-02-24 04:28:17 +0000
+++ configure.in	2011-03-01 21:39:23 +0000
@@ -1972,12 +1972,26 @@
 AC_SUBST(LIBSELINUX_LIBS)

 HAVE_GNUTLS=no
+HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY=no
+HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE=no
 if test "${with_gnutls}" = "yes" ; then
   PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 2.2.4], HAVE_GNUTLS=yes, HAVE_GNUTLS=no)
   if test "${HAVE_GNUTLS}" = "yes"; then
     AC_DEFINE(HAVE_GNUTLS, 1, [Define if using GnuTLS.])
   fi
+
+  AC_CHECK_FUNCS(gnutls_certificate_set_verify_function, HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY=yes)
+  AC_CHECK_FUNCS(gnutls_certificate_client_set_retrieve_function, HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE=yes)
+
+  if test "${HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE}" = "yes"; then
+    AC_DEFINE(HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE, 1, [Define if using GnuTLS certificate retrieval callbacks.])
+  fi
+
+  if test "${HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY}" = "yes"; then
+    AC_DEFINE(HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY, 1, [Define if using GnuTLS certificate verification callbacks.])
+  fi
 fi
+
 AC_SUBST(LIBGNUTLS_LIBS)
 AC_SUBST(LIBGNUTLS_CFLAGS)

@@ -3667,6 +3681,8 @@
 echo "  Does Emacs use -lgconf?                                 ${HAVE_GCONF}"
 echo "  Does Emacs use -lselinux?                               ${HAVE_LIBSELINUX}"
 echo "  Does Emacs use -lgnutls?                                ${HAVE_GNUTLS}"
+echo "  Does Emacs use -lgnutls certificate verify callbacks?   ${HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY}"
+echo "  Does Emacs use -lgnutls certificate retrieve callbacks? ${HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE}"
 echo "  Does Emacs use -lxml2?                                  ${HAVE_LIBXML2}"

 echo "  Does Emacs use -lfreetype?                              ${HAVE_FREETYPE}"

=== modified file 'src/gnutls.c'
--- src/gnutls.c	2011-01-25 04:08:28 +0000
+++ src/gnutls.c	2011-03-01 21:41:36 +0000
@@ -484,6 +484,16 @@

   GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_FILES;

+  GNUTLS_LOG (1, max_log_level, "gnutls callbacks");
+
+  GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_CALLBACKS;
+
+#ifdef HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY
+#endif
+
+#ifdef HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE
+#endif
+
   GNUTLS_LOG (1, max_log_level, "gnutls_init");

   ret = gnutls_init (&state, GNUTLS_CLIENT);

=== modified file 'src/gnutls.h'
--- src/gnutls.h	2011-01-25 04:08:28 +0000
+++ src/gnutls.h	2011-03-01 21:32:17 +0000
@@ -28,6 +28,7 @@
   GNUTLS_STAGE_EMPTY = 0,
   GNUTLS_STAGE_CRED_ALLOC,
   GNUTLS_STAGE_FILES,
+  GNUTLS_STAGE_CALLBACKS,
   GNUTLS_STAGE_INIT,
   GNUTLS_STAGE_PRIORITY,
   GNUTLS_STAGE_CRED_SET,

next prev parent reply	other threads:[~2011-03-01 21:52 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-11-25 17:29 Julien Danjou
2010-11-26  0:28 ` Lars Magne Ingebrigtsen
2010-11-26 12:13   ` Ted Zlatanov
2010-11-26 12:51     ` Julien Danjou
2010-11-26 15:02       ` Stefan Monnier
2010-11-26 15:56         ` Julien Danjou
2010-11-26 18:42           ` Stefan Monnier
2010-11-27  9:36             ` Julien Danjou
2010-11-27 14:28               ` Stefan Monnier
2010-11-28  9:55               ` Lars Magne Ingebrigtsen
2010-11-26 14:10     ` Lars Magne Ingebrigtsen
2010-11-27 14:18       ` Lars Magne Ingebrigtsen
2010-11-27 14:40         ` Lars Magne Ingebrigtsen
2010-11-27 15:31           ` Lars Magne Ingebrigtsen
2010-11-27 16:04             ` Lars Magne Ingebrigtsen
2010-11-27 16:37               ` Steinar Bang
2010-11-27 16:41                 ` Lars Magne Ingebrigtsen
2010-11-27 16:59                   ` Lars Magne Ingebrigtsen
2010-11-27 17:33                     ` Dan Christensen
2010-11-27 17:36                       ` Lars Magne Ingebrigtsen
2010-11-27 17:42                         ` Lars Magne Ingebrigtsen
2010-11-28  2:36             ` Automatic STARTTLS upgrades (was: gnutls status) Lars Magne Ingebrigtsen
2010-11-28 12:28               ` Automatic STARTTLS upgrades Lars Magne Ingebrigtsen
2010-11-28 13:34                 ` Lars Magne Ingebrigtsen
2010-12-14 22:59       ` gnutls status Ted Zlatanov
2011-03-01 21:52         ` Ted Zlatanov [this message]
2011-03-05 11:01           ` Lars Magne Ingebrigtsen
2011-03-05 14:46             ` Ted Zlatanov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=874o7mqzij.fsf@lifelogs.com \
    --to=tzz@lifelogs.com \
    --cc=ding@gnus.org \
    --cc=emacs-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).