Fix XEmacs compilation
[gnus]
/
lisp
/
tls.el
diff --git
a/lisp/tls.el
b/lisp/tls.el
index
daa1c18
..
6abb048
100644
(file)
--- a/
lisp/tls.el
+++ b/
lisp/tls.el
@@
-1,7
+1,6
@@
;;; tls.el --- TLS/SSL support via wrapper around GnuTLS
;;; tls.el --- TLS/SSL support via wrapper around GnuTLS
-;; Copyright (C) 1996, 1997, 1998, 1999, 2002, 2003, 2004, 2005, 2006,
-;; 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+;; Copyright (C) 1996-1999, 2002-2014 Free Software Foundation, Inc.
;; Author: Simon Josefsson <simon@josefsson.org>
;; Keywords: comm, tls, gnutls, ssl
;; Author: Simon Josefsson <simon@josefsson.org>
;; Keywords: comm, tls, gnutls, ssl
@@
-75,18
+74,13
@@
and `gnutls-cli' (version 2.0.1) output."
:type 'regexp
:group 'tls)
:type 'regexp
:group 'tls)
-(defvar tls-starttls-switches
- '(("openssl" "-starttls imap"))
- "Alist of programs and the switches necessary to get starttls behaviour.")
-
(defcustom tls-program '("gnutls-cli --insecure -p %p %h"
"gnutls-cli --insecure -p %p %h --protocols ssl3"
(defcustom tls-program '("gnutls-cli --insecure -p %p %h"
"gnutls-cli --insecure -p %p %h --protocols ssl3"
- "openssl s_client
%s
-connect %h:%p -no_ssl2 -ign_eof")
+ "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
"List of strings containing commands to start TLS stream to a host.
Each entry in the list is tried until a connection is successful.
%h is replaced with server hostname, %p with port to connect to.
"List of strings containing commands to start TLS stream to a host.
Each entry in the list is tried until a connection is successful.
%h is replaced with server hostname, %p with port to connect to.
-The program should read input on stdin and write output to
-stdout.
+The program should read input on stdin and write output to stdout.
See `tls-checktrust' on how to check trusted root certs.
See `tls-checktrust' on how to check trusted root certs.
@@
-94,10
+88,14
@@
Also see `tls-success' for what the program should output after
successful negotiation."
:type
'(choice
successful negotiation."
:type
'(choice
+ (const :tag "Default list of commands"
+ ("gnutls-cli --insecure -p %p %h"
+ "gnutls-cli --insecure -p %p %h --protocols ssl3"
+ "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
(list :tag "Choose commands"
:value
(list :tag "Choose commands"
:value
- ("gnutls-cli -p %p %h"
- "gnutls-cli -p %p %h --protocols ssl3"
+ ("gnutls-cli -
-insecure -
p %p %h"
+ "gnutls-cli -
-insecure -
p %p %h --protocols ssl3"
"openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
(set :inline t
;; FIXME: add brief `:tag "..."' descriptions.
"openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
(set :inline t
;; FIXME: add brief `:tag "..."' descriptions.
@@
-107,14
+105,10
@@
successful negotiation."
(const "gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3")
(const "openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof")
;; No trust check:
(const "gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3")
(const "openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof")
;; No trust check:
- (const "gnutls-cli -p %p %h")
- (const "gnutls-cli -p %p %h --protocols ssl3")
+ (const "gnutls-cli -
-insecure -
p %p %h")
+ (const "gnutls-cli -
-insecure -
p %p %h --protocols ssl3")
(const "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
(repeat :inline t :tag "Other" (string)))
(const "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
(repeat :inline t :tag "Other" (string)))
- (const :tag "Default list of commands"
- ("gnutls-cli -p %p %h"
- "gnutls-cli -p %p %h --protocols ssl3"
- "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
(list :tag "List of commands"
(repeat :tag "Command" (string))))
:version "22.1"
(list :tag "List of commands"
(repeat :tag "Command" (string))))
:version "22.1"
@@
-128,7
+122,7
@@
successful negotiation."
(defcustom tls-success "- Handshake was completed\\|SSL handshake has read "
"Regular expression indicating completed TLS handshakes.
(defcustom tls-success "- Handshake was completed\\|SSL handshake has read "
"Regular expression indicating completed TLS handshakes.
-The default is what G
NU
TLS's \"gnutls-cli\" or OpenSSL's
+The default is what G
nu
TLS's \"gnutls-cli\" or OpenSSL's
\"openssl s_client\" outputs."
:version "22.1"
:type 'regexp
\"openssl s_client\" outputs."
:version "22.1"
:type 'regexp
@@
-155,7
+149,7
@@
consider trustworthy, e.g.:
(defcustom tls-untrusted
"- Peer's certificate is NOT trusted\\|Verify return code: \\([^0] \\|.[^ ]\\)"
"Regular expression indicating failure of TLS certificate verification.
(defcustom tls-untrusted
"- Peer's certificate is NOT trusted\\|Verify return code: \\([^0] \\|.[^ ]\\)"
"Regular expression indicating failure of TLS certificate verification.
-The default is what G
NU
TLS's \"gnutls-cli\" or OpenSSL's
+The default is what G
nu
TLS's \"gnutls-cli\" or OpenSSL's
\"openssl s_client\" return in the event of unsuccessful
verification."
:type 'regexp
\"openssl s_client\" return in the event of unsuccessful
verification."
:type 'regexp
@@
-173,8
+167,8
@@
this to nil if you want to ignore host name mismatches."
:version "23.1" ;; No Gnus
:group 'tls)
:version "23.1" ;; No Gnus
:group 'tls)
-(defcustom tls-certtool-program
(executable-find "certtool")
- "Name of
GnuTLS certtool.
+(defcustom tls-certtool-program
"certtool"
+ "Name of GnuTLS certtool.
Used by `tls-certificate-information'."
:version "22.1"
:type 'string
Used by `tls-certificate-information'."
:version "22.1"
:type 'string
@@
-203,7
+197,7
@@
Used by `tls-certificate-information'."
(push (cons (match-string 1) (match-string 2)) vals))
(nreverse vals))))))
(push (cons (match-string 1) (match-string 2)) vals))
(nreverse vals))))))
-(defun open-tls-stream (name buffer host port
&optional starttlsp
)
+(defun open-tls-stream (name buffer host port)
"Open a TLS connection for a port to a host.
Returns a subprocess-object to represent the connection.
Input and output work as for subprocesses; `delete-process' closes it.
"Open a TLS connection for a port to a host.
Returns a subprocess-object to represent the connection.
Input and output work as for subprocesses; `delete-process' closes it.
@@
-233,22
+227,14
@@
Fourth arg PORT is an integer specifying a port to connect to."
(format-spec
cmd
(format-spec-make
(format-spec
cmd
(format-spec-make
- ?s (if starttlsp
- (tls-find-starttls-argument cmd)
- "")
?h host
?p (if (integerp port)
(int-to-string port)
?h host
?p (if (integerp port)
(int-to-string port)
- port))))
- response)
+ port)))))
(message "Opening TLS connection with `%s'..." formatted-cmd)
(setq process (start-process
name buffer shell-file-name shell-command-switch
formatted-cmd))
(message "Opening TLS connection with `%s'..." formatted-cmd)
(setq process (start-process
name buffer shell-file-name shell-command-switch
formatted-cmd))
- (funcall (if (fboundp 'set-process-query-on-exit-flag)
- 'set-process-query-on-exit-flag
- 'process-kill-without-query)
- process nil)
(while (and process
(memq (process-status process) '(open run))
(progn
(while (and process
(memq (process-status process) '(open run))
(progn
@@
-299,7
+285,10
@@
NOT trusted. Accept anyway? " host)))))
(format "Host name in certificate doesn't \
match `%s'. Connect anyway? " host))))))
(setq done nil)
(format "Host name in certificate doesn't \
match `%s'. Connect anyway? " host))))))
(setq done nil)
- (delete-process process)))
+ (delete-process process))
+ ;; Delete all the informational messages that could confuse
+ ;; future uses of `buffer'.
+ (delete-region (point-min) (point)))
(message "Opening TLS connection to `%s'...%s"
host (if done "done" "failed"))
(when use-temp-buffer
(message "Opening TLS connection to `%s'...%s"
host (if done "done" "failed"))
(when use-temp-buffer
@@
-307,11
+296,6
@@
match `%s'. Connect anyway? " host))))))
(kill-buffer buffer))
done))
(kill-buffer buffer))
done))
-(defun tls-find-starttls-argument (command)
- (let ((command (car (split-string command))))
- (or (cadr (assoc command tls-starttls-switches))
- "")))
-
(provide 'tls)
;;; tls.el ends here
(provide 'tls)
;;; tls.el ends here
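Review bot: Every `gnutls-cli` entry this section adds under "Choose commands" and ";; No trust check:" passes `--insecure`, as does the default `tls-program`, so gnutls-cli keeps the connection open after a failed certificate verification and the peer is only checked if `tls-checktrust` is enabled (its default is not visible in this diff). The `tls-program` docstring should say so explicitly, for example by adding `Commands using --insecure do not reject untrusted certificates by themselves; enable tls-checktrust so that failures are detected.` The `--protocols ssl3` fallback entries select an obsolete protocol and would be better tagged as legacy or dropped from the default list. In the `-233,22 +227,14` hunk, `host` and a string `port` are substituted by `format-spec` into a command run through `shell-file-name shell-command-switch` without quoting; if either can come from untrusted input, `?h (shell-quote-argument host)` (and the same for the string branch of `?p`) would keep shell metacharacters from being interpreted. `open-tls-stream` starts and ends outside that hunk, so the rest of its body was not reviewed.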