+2011-05-04 Teodor Zlatanov <tzz@lifelogs.com>
+
+ * net/gnutls.el (gnutls-negotiate): Use CL-style keyword arguments
+ instead of positional arguments. Allow :keylist and :crlfiles
+ arguments.
+ (open-gnutls-stream): Call it.
+
+ * net/network-stream.el (network-stream-open-starttls): Adjust to
+ call `gnutls-negotiate' with :process and :hostname arguments.
+
2011-05-04 Stefan Monnier <monnier@iro.umontreal.ca>
* minibuffer.el (completion--message): New function.
;;; Code:
+(eval-when-compile (require 'cl))
+
(defgroup gnutls nil
"Emacs interface to the GnuTLS library."
:prefix "gnutls-"
documentation for the specific parameters you can use to open a
GnuTLS connection, including specifying the credential type,
trust and key files, and priority string."
- (gnutls-negotiate (open-network-stream name buffer host service)
- 'gnutls-x509pki
- host))
+ (gnutls-negotiate :process (open-network-stream name buffer host service)
+ :type 'gnutls-x509pki
+ :hostname host))
(put 'gnutls-error
'error-conditions
(declare-function gnutls-boot "gnutls.c" (proc type proplist))
(declare-function gnutls-errorp "gnutls.c" (error))
-(defun gnutls-negotiate (proc type hostname &optional priority-string
- trustfiles keyfiles verify-flags
- verify-error verify-hostname-error)
+(defun* gnutls-negotiate
+ (&rest spec
+ &key process type hostname priority-string
+ trustfiles crlfiles keylist verify-flags
+ verify-error verify-hostname-error
+ &allow-other-keys)
"Negotiate a SSL/TLS connection. Returns proc. Signals gnutls-error.
+
+Note arguments are passed CL style, :type TYPE instead of just TYPE.
+
TYPE is `gnutls-x509pki' (default) or `gnutls-anon'. Use nil for the default.
-PROC is a process returned by `open-network-stream'.
+PROCESS is a process returned by `open-network-stream'.
HOSTNAME is the remote hostname. It must be a valid string.
PRIORITY-STRING is as per the GnuTLS docs, default is \"NORMAL\".
TRUSTFILES is a list of CA bundles.
-KEYFILES is a list of client keys.
+CRLFILES is a list of CRL files.
+KEYLIST is an alist of (client key file, client cert file) pairs.
When VERIFY-HOSTNAME-ERROR is not nil, an error will be raised
when the hostname does not match the presented certificate's host
:hostname ,hostname
:loglevel ,gnutls-log-level
:trustfiles ,trustfiles
- :keyfiles ,keyfiles
+ :crlfiles ,crlfiles
+ :keylist ,keylist
:verify-flags ,verify-flags
:verify-error ,verify-error
:verify-hostname-error ,verify-hostname-error
ret)
(gnutls-message-maybe
- (setq ret (gnutls-boot proc type params))
+ (setq ret (gnutls-boot process type params))
"boot: %s" params)
(when (gnutls-errorp ret)
;; This is a error from the underlying C code.
- (signal 'gnutls-error (list proc ret)))
+ (signal 'gnutls-error (list process ret)))
- proc))
+ process))
(declare-function gnutls-error-string "gnutls.c" (error))
(require 'tls)
(require 'starttls)
-(declare-function gnutls-negotiate "gnutls"
- (proc type host &optional priority-string trustfiles keyfiles
- verify-flags verify-error verify-hostname-error))
+(declare-function gnutls-negotiate "gnutls" (&rest spec))
;;;###autoload
(defun open-network-stream (name buffer host service &rest parameters)
(network-stream-command stream starttls-command eoc))
;; The server said it was OK to begin STARTTLS negotiations.
(if (fboundp 'open-gnutls-stream)
- (gnutls-negotiate stream nil host)
+ (gnutls-negotiate :process stream :hostname host)
(unless (starttls-negotiate stream)
(delete-process stream)))
(if (memq (process-status stream) '(open run))
HCoop / bpt / emacs.git / commitdiff