;;; tls.el --- TLS/SSL support via wrapper around GnuTLS
-;; Copyright (C) 1996, 1997, 1998, 1999, 2002, 2003, 2004, 2005, 2006,
-;; 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+;; Copyright (C) 1996-1999, 2002-2014 Free Software Foundation, Inc.
;; Author: Simon Josefsson <simon@josefsson.org>
;; Keywords: comm, tls, gnutls, ssl
:type 'regexp
:group 'tls)
-(defvar tls-starttls-switches
- '(("openssl" "-starttls imap"))
- "Alist of programs and the switches necessary to get starttls behaviour.")
-
(defcustom tls-program '("gnutls-cli --insecure -p %p %h"
"gnutls-cli --insecure -p %p %h --protocols ssl3"
- "openssl s_client %s -connect %h:%p -no_ssl2 -ign_eof")
+ "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
"List of strings containing commands to start TLS stream to a host.
Each entry in the list is tried until a connection is successful.
%h is replaced with server hostname, %p with port to connect to.
-The program should read input on stdin and write output to
-stdout.
+The program should read input on stdin and write output to stdout.
See `tls-checktrust' on how to check trusted root certs.
successful negotiation."
:type
'(choice
+ (const :tag "Default list of commands"
+ ("gnutls-cli --insecure -p %p %h"
+ "gnutls-cli --insecure -p %p %h --protocols ssl3"
+ "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
(list :tag "Choose commands"
:value
- ("gnutls-cli -p %p %h"
- "gnutls-cli -p %p %h --protocols ssl3"
+ ("gnutls-cli --insecure -p %p %h"
+ "gnutls-cli --insecure -p %p %h --protocols ssl3"
"openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
(set :inline t
;; FIXME: add brief `:tag "..."' descriptions.
(const "gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3")
(const "openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof")
;; No trust check:
- (const "gnutls-cli -p %p %h")
- (const "gnutls-cli -p %p %h --protocols ssl3")
+ (const "gnutls-cli --insecure -p %p %h")
+ (const "gnutls-cli --insecure -p %p %h --protocols ssl3")
(const "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
(repeat :inline t :tag "Other" (string)))
- (const :tag "Default list of commands"
- ("gnutls-cli -p %p %h"
- "gnutls-cli -p %p %h --protocols ssl3"
- "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
(list :tag "List of commands"
(repeat :tag "Command" (string))))
:version "22.1"
(defcustom tls-success "- Handshake was completed\\|SSL handshake has read "
"Regular expression indicating completed TLS handshakes.
-The default is what GNUTLS's \"gnutls-cli\" or OpenSSL's
+The default is what GnuTLS's \"gnutls-cli\" or OpenSSL's
\"openssl s_client\" outputs."
:version "22.1"
:type 'regexp
(defcustom tls-untrusted
"- Peer's certificate is NOT trusted\\|Verify return code: \\([^0] \\|.[^ ]\\)"
"Regular expression indicating failure of TLS certificate verification.
-The default is what GNUTLS's \"gnutls-cli\" or OpenSSL's
+The default is what GnuTLS's \"gnutls-cli\" or OpenSSL's
\"openssl s_client\" return in the event of unsuccessful
verification."
:type 'regexp
:version "23.1" ;; No Gnus
:group 'tls)
-(defcustom tls-certtool-program (executable-find "certtool")
- "Name of GnuTLS certtool.
+(defcustom tls-certtool-program "certtool"
+ "Name of GnuTLS certtool.
Used by `tls-certificate-information'."
:version "22.1"
:type 'string
(push (cons (match-string 1) (match-string 2)) vals))
(nreverse vals))))))
-(defun open-tls-stream (name buffer host port &optional starttlsp)
+(defun open-tls-stream (name buffer host port)
"Open a TLS connection for a port to a host.
Returns a subprocess-object to represent the connection.
Input and output work as for subprocesses; `delete-process' closes it.
(format-spec
cmd
(format-spec-make
- ?s (if starttlsp
- (tls-find-starttls-argument cmd)
- "")
?h host
?p (if (integerp port)
(int-to-string port)
- port))))
- response)
+ port)))))
(message "Opening TLS connection with `%s'..." formatted-cmd)
(setq process (start-process
name buffer shell-file-name shell-command-switch
formatted-cmd))
- (funcall (if (fboundp 'set-process-query-on-exit-flag)
- 'set-process-query-on-exit-flag
- 'process-kill-without-query)
- process nil)
(while (and process
(memq (process-status process) '(open run))
(progn
(format "Host name in certificate doesn't \
match `%s'. Connect anyway? " host))))))
(setq done nil)
- (delete-process process)))
+ (delete-process process))
+ ;; Delete all the informational messages that could confuse
+ ;; future uses of `buffer'.
+ (delete-region (point-min) (point)))
(message "Opening TLS connection to `%s'...%s"
host (if done "done" "failed"))
(when use-temp-buffer
(kill-buffer buffer))
done))
-(defun tls-find-starttls-argument (command)
- (let ((command (car (split-string command))))
- (or (cadr (assoc command tls-starttls-switches))
- "")))
-
(provide 'tls)
;;; tls.el ends here
projects / gnus / blobdiff