X-Git-Url: http://cgit.sxemacs.org/?p=gnus;a=blobdiff_plain;f=lisp%2Ftls.el;h=6abb0483d52d849910c95fc9c64a46ca64effc61;hp=3044cb4ab7156b7c0366c7c1962cd514d553aac3;hb=54b3844ec0d9b1fd25b4f00f927853ff72ba5274;hpb=5193de49edd84a0e8d74e8289269b6055e14d6b1 diff --git a/lisp/tls.el b/lisp/tls.el index 3044cb4ab..6abb0483d 100644 --- a/lisp/tls.el +++ b/lisp/tls.el @@ -1,7 +1,6 @@ ;;; tls.el --- TLS/SSL support via wrapper around GnuTLS -;; Copyright (C) 1996, 1997, 1998, 1999, 2002, 2003, 2004, 2005, 2006, -;; 2007, 2008 Free Software Foundation, Inc. +;; Copyright (C) 1996-1999, 2002-2014 Free Software Foundation, Inc. ;; Author: Simon Josefsson ;; Keywords: comm, tls, gnutls, ssl @@ -75,14 +74,13 @@ and `gnutls-cli' (version 2.0.1) output." :type 'regexp :group 'tls) -(defcustom tls-program '("gnutls-cli -p %p %h" - "gnutls-cli -p %p %h --protocols ssl3" +(defcustom tls-program '("gnutls-cli --insecure -p %p %h" + "gnutls-cli --insecure -p %p %h --protocols ssl3" "openssl s_client -connect %h:%p -no_ssl2 -ign_eof") "List of strings containing commands to start TLS stream to a host. Each entry in the list is tried until a connection is successful. %h is replaced with server hostname, %p with port to connect to. -The program should read input on stdin and write output to -stdout. +The program should read input on stdin and write output to stdout. See `tls-checktrust' on how to check trusted root certs. @@ -90,10 +88,14 @@ Also see `tls-success' for what the program should output after successful negotiation." :type '(choice + (const :tag "Default list of commands" + ("gnutls-cli --insecure -p %p %h" + "gnutls-cli --insecure -p %p %h --protocols ssl3" + "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")) (list :tag "Choose commands" :value - ("gnutls-cli -p %p %h" - "gnutls-cli -p %p %h --protocols ssl3" + ("gnutls-cli --insecure -p %p %h" + "gnutls-cli --insecure -p %p %h --protocols ssl3" "openssl s_client -connect %h:%p -no_ssl2 -ign_eof") (set :inline t ;; FIXME: add brief `:tag "..."' descriptions. @@ -103,14 +105,10 @@ successful negotiation." (const "gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3") (const "openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof") ;; No trust check: - (const "gnutls-cli -p %p %h") - (const "gnutls-cli -p %p %h --protocols ssl3") + (const "gnutls-cli --insecure -p %p %h") + (const "gnutls-cli --insecure -p %p %h --protocols ssl3") (const "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")) (repeat :inline t :tag "Other" (string))) - (const :tag "Default list of commands" - ("gnutls-cli -p %p %h" - "gnutls-cli -p %p %h --protocols ssl3" - "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")) (list :tag "List of commands" (repeat :tag "Command" (string)))) :version "22.1" @@ -124,7 +122,7 @@ successful negotiation." (defcustom tls-success "- Handshake was completed\\|SSL handshake has read " "Regular expression indicating completed TLS handshakes. -The default is what GNUTLS's \"gnutls-cli\" or OpenSSL's +The default is what GnuTLS's \"gnutls-cli\" or OpenSSL's \"openssl s_client\" outputs." :version "22.1" :type 'regexp @@ -151,7 +149,7 @@ consider trustworthy, e.g.: (defcustom tls-untrusted "- Peer's certificate is NOT trusted\\|Verify return code: \\([^0] \\|.[^ ]\\)" "Regular expression indicating failure of TLS certificate verification. -The default is what GNUTLS's \"gnutls-cli\" or OpenSSL's +The default is what GnuTLS's \"gnutls-cli\" or OpenSSL's \"openssl s_client\" return in the event of unsuccessful verification." :type 'regexp @@ -169,8 +167,8 @@ this to nil if you want to ignore host name mismatches." :version "23.1" ;; No Gnus :group 'tls) -(defcustom tls-certtool-program (executable-find "certtool") - "Name of GnuTLS certtool. +(defcustom tls-certtool-program "certtool" + "Name of GnuTLS certtool. Used by `tls-certificate-information'." :version "22.1" :type 'string @@ -216,22 +214,27 @@ Fourth arg PORT is an integer specifying a port to connect to." (use-temp-buffer (null buffer)) process cmd done) (if use-temp-buffer - (setq buffer (generate-new-buffer " TLS"))) + (setq buffer (generate-new-buffer " TLS")) + ;; BUFFER is a string but does not exist as a buffer object. + (unless (and (get-buffer buffer) + (buffer-name (get-buffer buffer))) + (generate-new-buffer buffer))) (with-current-buffer buffer (message "Opening TLS connection to `%s'..." host) (while (and (not done) (setq cmd (pop cmds))) - (message "Opening TLS connection with `%s'..." cmd) (let ((process-connection-type tls-process-connection-type) - response) + (formatted-cmd + (format-spec + cmd + (format-spec-make + ?h host + ?p (if (integerp port) + (int-to-string port) + port))))) + (message "Opening TLS connection with `%s'..." formatted-cmd) (setq process (start-process name buffer shell-file-name shell-command-switch - (format-spec - cmd - (format-spec-make - ?h host - ?p (if (integerp port) - (int-to-string port) - port))))) + formatted-cmd)) (while (and process (memq (process-status process) '(open run)) (progn @@ -240,7 +243,7 @@ Fourth arg PORT is an integer specifying a port to connect to." tls-success nil t))))) (unless (accept-process-output process 1) (sit-for 1))) - (message "Opening TLS connection with `%s'...%s" cmd + (message "Opening TLS connection with `%s'...%s" formatted-cmd (if done "done" "failed")) (if (not done) (delete-process process) @@ -282,7 +285,10 @@ NOT trusted. Accept anyway? " host))))) (format "Host name in certificate doesn't \ match `%s'. Connect anyway? " host)))))) (setq done nil) - (delete-process process))) + (delete-process process)) + ;; Delete all the informational messages that could confuse + ;; future uses of `buffer'. + (delete-region (point-min) (point))) (message "Opening TLS connection to `%s'...%s" host (if done "done" "failed")) (when use-temp-buffer @@ -292,5 +298,4 @@ match `%s'. Connect anyway? " host)))))) (provide 'tls) -;; arch-tag: 5596d1c4-facc-4bc4-94a9-9863b928d7ac ;;; tls.el ends here