From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/77445
Path: news.gmane.org!not-for-mail
From: Ted Zlatanov <tzz@lifelogs.com>
Newsgroups: gmane.emacs.gnus.general,gmane.emacs.devel
Subject: Re: gnutls status
Date: Tue, 01 Mar 2011 15:52:52 -0600
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @
 Cienfuegos
Message-ID: <874o7mqzij.fsf@lifelogs.com>
References: <sa3vd3l2txq.fsf@cigue.easter-eggs.fr>
	<m3eia9nd1d.fsf@quimbies.gnus.org> <87ipzkmgfn.fsf@lifelogs.com>
	<m3bp5cdvkw.fsf@quimbies.gnus.org> <87tyigm04p.fsf@lifelogs.com>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Trace: dough.gmane.org 1299016477 17004 80.91.229.12 (1 Mar 2011 21:54:37 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Tue, 1 Mar 2011 21:54:37 +0000 (UTC)
Cc: emacs-devel@gnu.org
To: ding@gnus.org
Original-X-From: ding-owner+M25769@lists.math.uh.edu Tue Mar 01 22:54:32 2011
Return-path: <ding-owner+M25769@lists.math.uh.edu>
Envelope-to: ding-account@gmane.org
Original-Received: from util0.math.uh.edu ([129.7.128.18])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <ding-owner+M25769@lists.math.uh.edu>)
	id 1PuXWY-0000Yr-N7
	for ding-account@gmane.org; Tue, 01 Mar 2011 22:54:31 +0100
Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu)
	by util0.math.uh.edu with smtp (Exim 4.63)
	(envelope-from <ding-owner+M25769@lists.math.uh.edu>)
	id 1PuXVQ-0002Qr-6S; Tue, 01 Mar 2011 15:53:20 -0600
Original-Received: from mx1.math.uh.edu ([129.7.128.32])
	by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.63)
	(envelope-from <ding-account@m.gmane.org>)
	id 1PuXVN-0002QV-SP
	for ding@lists.math.uh.edu; Tue, 01 Mar 2011 15:53:17 -0600
Original-Received: from quimby.gnus.org ([80.91.231.51])
	by mx1.math.uh.edu with esmtp (Exim 4.72)
	(envelope-from <ding-account@m.gmane.org>)
	id 1PuXVI-0008Nr-TN
	for ding@lists.math.uh.edu; Tue, 01 Mar 2011 15:53:17 -0600
Original-Received: from lo.gmane.org ([80.91.229.12])
	by quimby.gnus.org with esmtp (Exim 4.72)
	(envelope-from <ding-account@m.gmane.org>)
	id 1PuXVG-0006yN-5x
	for ding@gnus.org; Tue, 01 Mar 2011 22:53:10 +0100
Original-Received: from list by lo.gmane.org with local (Exim 4.69)
	(envelope-from <ding-account@m.gmane.org>)
	id 1PuXVE-0008Ia-Ki
	for ding@gnus.org; Tue, 01 Mar 2011 22:53:08 +0100
Original-Received: from 38.98.147.130 ([38.98.147.130])
        by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
        id 1AlnuQ-0007hv-00
        for <ding@gnus.org>; Tue, 01 Mar 2011 22:53:08 +0100
Original-Received: from tzz by 38.98.147.130 with local (Gmexim 0.1 (Debian))
        id 1AlnuQ-0007hv-00
        for <ding@gnus.org>; Tue, 01 Mar 2011 22:53:08 +0100
X-Injected-Via-Gmane: http://gmane.org/
Original-Lines: 121
Original-X-Complaints-To: usenet@dough.gmane.org
X-Gmane-NNTP-Posting-Host: 38.98.147.130
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
User-Agent: Gnus/5.110014 (No Gnus v0.14) Emacs/24.0.50 (gnu/linux)
Cancel-Lock: sha1:RauyaXrggT/ogs8BAh5Zy9NkEz0=
X-Spam-Score: -0.7 (/)
List-ID: <ding.gnus.org>
Precedence: bulk
Xref: news.gmane.org gmane.emacs.gnus.general:77445 gmane.emacs.devel:136693
Archived-At: <http://permalink.gmane.org/gmane.emacs.gnus.general/77445>

--=-=-=
Content-Type: text/plain

On Tue, 14 Dec 2010 16:59:34 -0600 Ted Zlatanov <tzz@lifelogs.com> wrote: 

TZ> On Fri, 26 Nov 2010 15:10:39 +0100 Lars Magne Ingebrigtsen <larsi@gnus.org> wrote: 
LMI> Is 2.10.x at least backwards-compatible, so that if we do implement the
LMI> complicated 2.8.x features, it'll continue to work in the future, too?

TZ> Yes.  They try really hard to keep backwards compatibility.  I'd guess
TZ> for all 2.x releases we'll be OK unless there's newer features we simply
TZ> must have :)

Argh, GnuTLS 2.8.x is still standard on Ubuntu 10.10, so practically we
should support it.  Below is my first (untested) patch to generate the
HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE and
HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY definitions in the configure.in
using AC_CHECK_FUNCS and then use them (currently just #ifdef
placeholders) in gnutls.c.  I plan to retrieve them from the :callbacks
alist parameter to `gnutls-boot'.

Regenerating "configure" failed for me.  I get this error at the end:

./configure: line 12620: gl_ASSERT_NO_GNULIB_POSIXCHECK: command not found
./configure: line 12621: gl_ASSERT_NO_GNULIB_TESTS: command not found
./configure: line 12622: gl_INIT: command not found
checking for lstat... yes
./configure: line 12648: syntax error near unexpected token `lstat'
./configure: line 12648: `gl_SYS_STAT_MODULE_INDICATOR(lstat)'

at the end.  But it gets far enough that I can tell the tests are being
run.  This is why the patch is untested; I'll see if I can figure out
why that's happening.  It may be an Ubuntu oddity.

Please let me know if the proposed approach is reasonable and if you
have any comments.  In theory this should be pretty trivial.

Thanks
Ted



--=-=-=
Content-Type: text/x-diff
Content-Disposition: inline; filename=callbacks.patch

=== modified file 'configure.in'
--- configure.in	2011-02-24 04:28:17 +0000
+++ configure.in	2011-03-01 21:39:23 +0000
@@ -1972,12 +1972,26 @@
 AC_SUBST(LIBSELINUX_LIBS)
 
 HAVE_GNUTLS=no
+HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY=no
+HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE=no
 if test "${with_gnutls}" = "yes" ; then
   PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 2.2.4], HAVE_GNUTLS=yes, HAVE_GNUTLS=no)
   if test "${HAVE_GNUTLS}" = "yes"; then
     AC_DEFINE(HAVE_GNUTLS, 1, [Define if using GnuTLS.])
   fi
+
+  AC_CHECK_FUNCS(gnutls_certificate_set_verify_function, HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY=yes)
+  AC_CHECK_FUNCS(gnutls_certificate_client_set_retrieve_function, HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE=yes)
+
+  if test "${HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE}" = "yes"; then
+    AC_DEFINE(HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE, 1, [Define if using GnuTLS certificate retrieval callbacks.])
+  fi
+
+  if test "${HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY}" = "yes"; then
+    AC_DEFINE(HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY, 1, [Define if using GnuTLS certificate verification callbacks.])
+  fi
 fi
+
 AC_SUBST(LIBGNUTLS_LIBS)
 AC_SUBST(LIBGNUTLS_CFLAGS)
 
@@ -3667,6 +3681,8 @@
 echo "  Does Emacs use -lgconf?                                 ${HAVE_GCONF}"
 echo "  Does Emacs use -lselinux?                               ${HAVE_LIBSELINUX}"
 echo "  Does Emacs use -lgnutls?                                ${HAVE_GNUTLS}"
+echo "  Does Emacs use -lgnutls certificate verify callbacks?   ${HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY}"
+echo "  Does Emacs use -lgnutls certificate retrieve callbacks? ${HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE}"
 echo "  Does Emacs use -lxml2?                                  ${HAVE_LIBXML2}"
 
 echo "  Does Emacs use -lfreetype?                              ${HAVE_FREETYPE}"

=== modified file 'src/gnutls.c'
--- src/gnutls.c	2011-01-25 04:08:28 +0000
+++ src/gnutls.c	2011-03-01 21:41:36 +0000
@@ -484,6 +484,16 @@
 
   GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_FILES;
 
+  GNUTLS_LOG (1, max_log_level, "gnutls callbacks");
+
+  GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_CALLBACKS;
+
+#ifdef HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY
+#endif
+
+#ifdef HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE
+#endif
+
   GNUTLS_LOG (1, max_log_level, "gnutls_init");
 
   ret = gnutls_init (&state, GNUTLS_CLIENT);

=== modified file 'src/gnutls.h'
--- src/gnutls.h	2011-01-25 04:08:28 +0000
+++ src/gnutls.h	2011-03-01 21:32:17 +0000
@@ -28,6 +28,7 @@
   GNUTLS_STAGE_EMPTY = 0,
   GNUTLS_STAGE_CRED_ALLOC,
   GNUTLS_STAGE_FILES,
+  GNUTLS_STAGE_CALLBACKS,
   GNUTLS_STAGE_INIT,
   GNUTLS_STAGE_PRIORITY,
   GNUTLS_STAGE_CRED_SET,


--=-=-=--