;;; tls.el --- TLS/SSL support via wrapper around GnuTLS
-;; Copyright (C) 1996, 1997, 1998, 1999, 2002, 2003, 2004,
-;; 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+;; Copyright (C) 1996-1999, 2002-2013 Free Software Foundation, Inc.
;; Author: Simon Josefsson <simon@josefsson.org>
;; Keywords: comm, tls, gnutls, ssl
;;; Code:
-(eval-and-compile
- (autoload 'format-spec "format-spec")
- (autoload 'format-spec-make "format-spec"))
+(autoload 'format-spec "format-spec")
+(autoload 'format-spec-make "format-spec")
(defgroup tls nil
"Transport Layer Security (TLS) parameters."
:type 'regexp
:group 'tls)
-(defcustom tls-program '("gnutls-cli -p %p %h"
- "gnutls-cli -p %p %h --protocols ssl3"
+(defcustom tls-program '("gnutls-cli --insecure -p %p %h"
+ "gnutls-cli --insecure -p %p %h --protocols ssl3"
"openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
"List of strings containing commands to start TLS stream to a host.
Each entry in the list is tried until a connection is successful.
successful negotiation."
:type
'(choice
+ (const :tag "Default list of commands"
+ ("gnutls-cli --insecure -p %p %h"
+ "gnutls-cli --insecure -p %p %h --protocols ssl3"
+ "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
(list :tag "Choose commands"
:value
- ("gnutls-cli -p %p %h"
- "gnutls-cli -p %p %h --protocols ssl3"
+ ("gnutls-cli --insecure -p %p %h"
+ "gnutls-cli --insecure -p %p %h --protocols ssl3"
"openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
(set :inline t
;; FIXME: add brief `:tag "..."' descriptions.
(const "gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3")
(const "openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof")
;; No trust check:
- (const "gnutls-cli -p %p %h")
- (const "gnutls-cli -p %p %h --protocols ssl3")
+ (const "gnutls-cli --insecure -p %p %h")
+ (const "gnutls-cli --insecure -p %p %h --protocols ssl3")
(const "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
(repeat :inline t :tag "Other" (string)))
- (const :tag "Default list of commands"
- ("gnutls-cli -p %p %h"
- "gnutls-cli -p %p %h --protocols ssl3"
- "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
(list :tag "List of commands"
(repeat :tag "Command" (string))))
:version "22.1"
(defcustom tls-success "- Handshake was completed\\|SSL handshake has read "
"Regular expression indicating completed TLS handshakes.
-The default is what GNUTLS's \"gnutls-cli\" or OpenSSL's
+The default is what GnuTLS's \"gnutls-cli\" or OpenSSL's
\"openssl s_client\" outputs."
:version "22.1"
:type 'regexp
(defcustom tls-untrusted
"- Peer's certificate is NOT trusted\\|Verify return code: \\([^0] \\|.[^ ]\\)"
"Regular expression indicating failure of TLS certificate verification.
-The default is what GNUTLS's \"gnutls-cli\" or OpenSSL's
+The default is what GnuTLS's \"gnutls-cli\" or OpenSSL's
\"openssl s_client\" return in the event of unsuccessful
verification."
:type 'regexp
(use-temp-buffer (null buffer))
process cmd done)
(if use-temp-buffer
- (setq buffer (generate-new-buffer " TLS")))
+ (setq buffer (generate-new-buffer " TLS"))
+ ;; BUFFER is a string but does not exist as a buffer object.
+ (unless (and (get-buffer buffer)
+ (buffer-name (get-buffer buffer)))
+ (generate-new-buffer buffer)))
(with-current-buffer buffer
(message "Opening TLS connection to `%s'..." host)
(while (and (not done) (setq cmd (pop cmds)))
- (message "Opening TLS connection with `%s'..." cmd)
(let ((process-connection-type tls-process-connection-type)
- response)
+ (formatted-cmd
+ (format-spec
+ cmd
+ (format-spec-make
+ ?h host
+ ?p (if (integerp port)
+ (int-to-string port)
+ port)))))
+ (message "Opening TLS connection with `%s'..." formatted-cmd)
(setq process (start-process
name buffer shell-file-name shell-command-switch
- (format-spec
- cmd
- (format-spec-make
- ?h host
- ?p (if (integerp port)
- (int-to-string port)
- port)))))
+ formatted-cmd))
(while (and process
(memq (process-status process) '(open run))
(progn
tls-success nil t)))))
(unless (accept-process-output process 1)
(sit-for 1)))
- (message "Opening TLS connection with `%s'...%s" cmd
+ (message "Opening TLS connection with `%s'...%s" formatted-cmd
(if done "done" "failed"))
(if (not done)
(delete-process process)
(format "Host name in certificate doesn't \
match `%s'. Connect anyway? " host))))))
(setq done nil)
- (delete-process process)))
+ (delete-process process))
+ ;; Delete all the informational messages that could confuse
+ ;; future uses of `buffer'.
+ (delete-region (point-min) (point)))
(message "Opening TLS connection to `%s'...%s"
host (if done "done" "failed"))
(when use-temp-buffer
(provide 'tls)
-;; arch-tag: 5596d1c4-facc-4bc4-94a9-9863b928d7ac
;;; tls.el ends here
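Review bot: The new default entries in `tls-program` pass `--insecure` to gnutls-cli, and the openssl entry still has no `-CAfile`, so none of the default commands make the external program reject an untrusted certificate; that is not stated in the docstring that follows the defaults, which only says each entry is tried until a connection succeeds. Whether a MITM with an untrusted or mismatched certificate is refused then rests entirely on this file's own post-handshake matching of the program's output against `tls-untrusted` and the host-name prompt visible near the end — presumably gated by a user option that is outside the visible lines, so a user who leaves the defaults and that option untouched should know the shell command itself provides no trust check. I would add to the `tls-program` docstring, right after "Each entry in the list is tried until a connection is successful.": `The default commands pass \"--insecure\" to gnutls-cli and give no CA file to openssl, so the external program itself does not refuse an untrusted certificate; rejection of untrusted or host-name-mismatched certificates relies on the output matching \`tls-untrusted' (see the --x509cafile / -CAfile variants below for program-side verification).` The closing line of the `tls-program` defcustom and the start of the function whose body is edited further down are cut off in this view.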