From: Ted Zlatanov
Newsgroups: gmane.emacs.gnus.general,gmane.emacs.devel
Subject: Re: gnutls status
Date: Tue, 01 Mar 2011 15:52:52 -0600
Message-ID: <874o7mqzij.fsf@lifelogs.com>
References: <87ipzkmgfn.fsf@lifelogs.com> <87tyigm04p.fsf@lifelogs.com>
To: ding@gnus.org
Cc: emacs-devel@gnu.org

On Tue, 14 Dec 2010 16:59:34 -0600 Ted Zlatanov wrote:

TZ> On Fri, 26 Nov 2010 15:10:39 +0100 Lars Magne Ingebrigtsen wrote:
LMI> Is 2.10.x at least backwards-compatible, so that if we do implement the
LMI> complicated 2.8.x features, it'll continue to work in the future, too?

TZ> Yes. They try really hard to keep backwards compatibility. I'd guess
TZ> for all 2.x releases we'll be OK unless there's newer features we simply
TZ> must have :)

Argh, GnuTLS 2.8.x is still standard on Ubuntu 10.10, so practically we should support it.

Below is my first (untested) patch to generate the HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE and HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY definitions in the configure.in using AC_CHECK_FUNCS and then use them (currently just #ifdef placeholders) in gnutls.c. I plan to retrieve them from the :callbacks alist parameter to `gnutls-boot'.

Regenerating "configure" failed for me. I get this error at the end:

./configure: line 12620: gl_ASSERT_NO_GNULIB_POSIXCHECK: command not found
./configure: line 12621: gl_ASSERT_NO_GNULIB_TESTS: command not found
./configure: line 12622: gl_INIT: command not found
checking for lstat...
yes ./configure: line 12648: syntax error near unexpected token `lstat' ./configure: line 12648: `gl_SYS_STAT_MODULE_INDICATOR(lstat)' at the end. But it gets far enough that I can tell the tests are being run. This is why the patch is untested; I'll see if I can figure out why that's happening. It may be an Ubuntu oddity. Please let me know if the proposed approach is reasonable and if you have any comments. In theory this should be pretty trivial. Thanks Ted --=-=-= Content-Type: text/x-diff Content-Disposition: inline; filename=callbacks.patch === modified file 'configure.in' --- configure.in 2011-02-24 04:28:17 +0000 +++ configure.in 2011-03-01 21:39:23 +0000 @@ -1972,12 +1972,26 @@ AC_SUBST(LIBSELINUX_LIBS) HAVE_GNUTLS=no +HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY=no +HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE=no if test "${with_gnutls}" = "yes" ; then PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 2.2.4], HAVE_GNUTLS=yes, HAVE_GNUTLS=no) if test "${HAVE_GNUTLS}" = "yes"; then AC_DEFINE(HAVE_GNUTLS, 1, [Define if using GnuTLS.]) fi + + AC_CHECK_FUNCS(gnutls_certificate_set_verify_function, HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY=yes) + AC_CHECK_FUNCS(gnutls_certificate_client_set_retrieve_function, HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE=yes) + + if test "${HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE}" = "yes"; then + AC_DEFINE(HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE, 1, [Define if using GnuTLS certificate retrieval callbacks.]) + fi + + if test "${HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY}" = "yes"; then + AC_DEFINE(HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY, 1, [Define if using GnuTLS certificate verification callbacks.]) + fi fi + AC_SUBST(LIBGNUTLS_LIBS) AC_SUBST(LIBGNUTLS_CFLAGS) 
@@ -3667,6 +3681,8 @@ echo " Does Emacs use -lgconf? ${HAVE_GCONF}" echo " Does Emacs use -lselinux? ${HAVE_LIBSELINUX}" echo " Does Emacs use -lgnutls? ${HAVE_GNUTLS}" +echo " Does Emacs use -lgnutls certificate verify callbacks? ${HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY}" +echo " Does Emacs use -lgnutls certificate retrieve callbacks? ${HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE}" echo " Does Emacs use -lxml2? ${HAVE_LIBXML2}" echo " Does Emacs use -lfreetype? ${HAVE_FREETYPE}" === modified file 'src/gnutls.c' --- src/gnutls.c 2011-01-25 04:08:28 +0000 +++ src/gnutls.c 2011-03-01 21:41:36 +0000 @@ -484,6 +484,16 @@ GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_FILES; + GNUTLS_LOG (1, max_log_level, "gnutls callbacks"); + + GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_CALLBACKS; + +#ifdef HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY +#endif + +#ifdef HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE +#endif + GNUTLS_LOG (1, max_log_level, "gnutls_init"); ret = gnutls_init (&state, GNUTLS_CLIENT); === modified file 'src/gnutls.h' --- src/gnutls.h 2011-01-25 04:08:28 +0000 +++ src/gnutls.h 2011-03-01 21:32:17 +0000 @@ -28,6 +28,7 @@ GNUTLS_STAGE_EMPTY = 0, GNUTLS_STAGE_CRED_ALLOC, GNUTLS_STAGE_FILES, + GNUTLS_STAGE_CALLBACKS, GNUTLS_STAGE_INIT, GNUTLS_STAGE_PRIORITY, GNUTLS_STAGE_CRED_SET, --=-=-=--
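
Review bot: In the first configure.in hunk, the two AC_CHECK_FUNCS calls run a link test against whatever LIBS holds at that point, and the visible lines only hand LIBGNUTLS_LIBS to AC_SUBST; nothing shown adds it to LIBS. Unless that happens elsewhere, both checks will answer "no" even on a GnuTLS that provides the functions, and the certificate verify callback is then compiled out without any error. Suggest saving LIBS and CFLAGS, adding $LIBGNUTLS_LIBS and $LIBGNUTLS_CFLAGS around the two checks and restoring them afterwards, and moving the checks inside the existing "if test "${HAVE_GNUTLS}" = "yes"" block so they are skipped when pkg-config did not find the library. AC_CHECK_FUNCS also defines HAVE_GNUTLS_CERTIFICATE_SET_VERIFY_FUNCTION by itself, so the two extra AC_DEFINE blocks could go away if gnutls.c tested that name directly.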
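
Review bot: In the src/gnutls.c hunk, both "#ifdef HAVE_GNUTLS_CALLBACK_CERTIFICATE_VERIFY" and "#ifdef HAVE_GNUTLS_CALLBACK_CERTIFICATE_RETRIEVE" are empty and have no "#else", so the stage advances to GNUTLS_STAGE_CALLBACKS and logs "gnutls callbacks" whether or not any callback exists or was installed. Since the stated goal is to keep GnuTLS 2.8.x working, the build without the verify function is the case that most needs to be spelled out: add an "#else" branch, or at least a comment, saying how the peer certificate gets checked when the macro is undefined, and consider logging at that point so a build without verification callbacks is visible at run time rather than only in the configure summary.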
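
Review bot: In the src/gnutls.h hunk, GNUTLS_STAGE_CALLBACKS is inserted between GNUTLS_STAGE_FILES and GNUTLS_STAGE_INIT, and only GNUTLS_STAGE_EMPTY carries an explicit value, so GNUTLS_STAGE_INIT and every later stage shift by one. That is fine as long as stages are only compared by name or by order, but it is worth confirming that any cleanup code that compares the stored init stage with ">=" does the right thing for a process that stopped at the new stage, and a one-line comment on the enumerator saying what has been set up by then would help the next reader.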