[bpt/emacs.git] / src / gnutls.c

/* GnuTLS glue for GNU Emacs.
   Copyright (C) 2010, 2011  Free Software Foundation, Inc.

This file is part of GNU Emacs.

GNU Emacs is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

GNU Emacs is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with GNU Emacs.  If not, see <http://www.gnu.org/licenses/>.  */

#include <config.h>
#include <errno.h>
#include <setjmp.h>

#include "lisp.h"
#include "process.h"

#ifdef HAVE_GNUTLS
#include <gnutls/gnutls.h>

Lisp_Object Qgnutls_code;
Lisp_Object Qgnutls_anon, Qgnutls_x509pki;
Lisp_Object Qgnutls_e_interrupted, Qgnutls_e_again,
  Qgnutls_e_invalid_session, Qgnutls_e_not_ready_for_handshake;
int global_initialized;

/* The following are for the property list of `gnutls-boot'.  */
Lisp_Object Qgnutls_bootprop_priority;
Lisp_Object Qgnutls_bootprop_trustfiles;
Lisp_Object Qgnutls_bootprop_keyfiles;
Lisp_Object Qgnutls_bootprop_callbacks;
Lisp_Object Qgnutls_bootprop_loglevel;

static void
emacs_gnutls_handshake (struct Lisp_Process *proc)
{
  gnutls_session_t state = proc->gnutls_state;
  int ret;

  if (proc->gnutls_initstage < GNUTLS_STAGE_HANDSHAKE_CANDO)
    return;

  if (proc->gnutls_initstage < GNUTLS_STAGE_TRANSPORT_POINTERS_SET)
    {
      /* This is how GnuTLS takes sockets: as file descriptors passed
         in.  For an Emacs process socket, infd and outfd are the
         same but we use this two-argument version for clarity.  */
      gnutls_transport_set_ptr2 (state,
				 (gnutls_transport_ptr_t) (long) proc->infd,
				 (gnutls_transport_ptr_t) (long) proc->outfd);

      proc->gnutls_initstage = GNUTLS_STAGE_TRANSPORT_POINTERS_SET;
    }

  ret = gnutls_handshake (state);
  proc->gnutls_initstage = GNUTLS_STAGE_HANDSHAKE_TRIED;

  if (ret == GNUTLS_E_SUCCESS)
    {
      /* here we're finally done.  */
      proc->gnutls_initstage = GNUTLS_STAGE_READY;
    }
}

int
emacs_gnutls_write (int fildes, struct Lisp_Process *proc, char *buf,
                    unsigned int nbyte)
{
  register int rtnval, bytes_written;
  gnutls_session_t state = proc->gnutls_state;

  if (proc->gnutls_initstage != GNUTLS_STAGE_READY) {
#ifdef EWOULDBLOCK
    errno = EWOULDBLOCK;
#endif
#ifdef EAGAIN
    errno = EAGAIN;
#endif
    return -1;
  }

  bytes_written = 0;

  while (nbyte > 0)
    {
      rtnval = gnutls_write (state, buf, nbyte);

      if (rtnval < 0)
        {
          if (rtnval == GNUTLS_E_AGAIN || rtnval == GNUTLS_E_INTERRUPTED)
            continue;
          else
            return (bytes_written ? bytes_written : -1);
        }

      buf += rtnval;
      nbyte -= rtnval;
      bytes_written += rtnval;
    }

  return (bytes_written);
}

int
emacs_gnutls_read (int fildes, struct Lisp_Process *proc, char *buf,
                   unsigned int nbyte)
{
  register int rtnval;
  gnutls_session_t state = proc->gnutls_state;

  if (proc->gnutls_initstage != GNUTLS_STAGE_READY)
    {
      emacs_gnutls_handshake (proc);
      return -1;
    }

  rtnval = gnutls_read (state, buf, nbyte);
  if (rtnval >= 0)
    return rtnval;
  else {
    if (rtnval == GNUTLS_E_AGAIN ||
	rtnval == GNUTLS_E_INTERRUPTED)
      return -1;
    else
      return 0;
  }
}

/* convert an integer error to a Lisp_Object; it will be either a
   known symbol like `gnutls_e_interrupted' and `gnutls_e_again' or
   simply the integer value of the error.  GNUTLS_E_SUCCESS is mapped
   to Qt.  */
static Lisp_Object
gnutls_make_error (int error)
{
  switch (error)
    {
    case GNUTLS_E_SUCCESS:
      return Qt;
    case GNUTLS_E_AGAIN:
      return Qgnutls_e_again;
    case GNUTLS_E_INTERRUPTED:
      return Qgnutls_e_interrupted;
    case GNUTLS_E_INVALID_SESSION:
      return Qgnutls_e_invalid_session;
    }

  return make_number (error);
}

DEFUN ("gnutls-get-initstage", Fgnutls_get_initstage, Sgnutls_get_initstage, 1, 1, 0,
       doc: /* Return the GnuTLS init stage of process PROC.
See also `gnutls-boot'.  */)
  (Lisp_Object proc)
{
  CHECK_PROCESS (proc);

  return make_number (GNUTLS_INITSTAGE (proc));
}

DEFUN ("gnutls-errorp", Fgnutls_errorp, Sgnutls_errorp, 1, 1, 0,
       doc: /* Return t if ERROR indicates a GnuTLS problem.
ERROR is an integer or a symbol with an integer `gnutls-code' property.
usage: (gnutls-errorp ERROR)  */)
  (Lisp_Object err)
{
  if (EQ (err, Qt)) return Qnil;

  return Qt;
}

DEFUN ("gnutls-error-fatalp", Fgnutls_error_fatalp, Sgnutls_error_fatalp, 1, 1, 0,
       doc: /* Check if ERROR is fatal.
ERROR is an integer or a symbol with an integer `gnutls-code' property.
usage: (gnutls-error-fatalp ERROR)  */)
  (Lisp_Object err)
{
  Lisp_Object code;

  if (EQ (err, Qt)) return Qnil;

  if (SYMBOLP (err))
    {
      code = Fget (err, Qgnutls_code);
      if (NUMBERP (code))
	{
	  err = code;
	}
      else
	{
	  error ("Symbol has no numeric gnutls-code property");
	}
    }

  if (!NUMBERP (err))
    error ("Not an error symbol or code");

  if (0 == gnutls_error_is_fatal (XINT (err)))
    return Qnil;

  return Qt;
}

DEFUN ("gnutls-error-string", Fgnutls_error_string, Sgnutls_error_string, 1, 1, 0,
       doc: /* Return a description of ERROR.
ERROR is an integer or a symbol with an integer `gnutls-code' property.
usage: (gnutls-error-string ERROR)  */)
  (Lisp_Object err)
{
  Lisp_Object code;

  if (EQ (err, Qt)) return build_string ("Not an error");

  if (SYMBOLP (err))
    {
      code = Fget (err, Qgnutls_code);
      if (NUMBERP (code))
	{
	  err = code;
	}
      else
	{
	  return build_string ("Symbol has no numeric gnutls-code property");
	}
    }

  if (!NUMBERP (err))
    return build_string ("Not an error symbol or code");

  return build_string (gnutls_strerror (XINT (err)));
}

DEFUN ("gnutls-deinit", Fgnutls_deinit, Sgnutls_deinit, 1, 1, 0,
       doc: /* Deallocate GnuTLS resources associated with process PROC.
See also `gnutls-init'.  */)
  (Lisp_Object proc)
{
  gnutls_session_t state;

  CHECK_PROCESS (proc);
  state = XPROCESS (proc)->gnutls_state;

  if (GNUTLS_INITSTAGE (proc) >= GNUTLS_STAGE_INIT)
    {
      gnutls_deinit (state);
      GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_INIT - 1;
    }

  return Qt;
}

/* Initializes global GnuTLS state to defaults.
Call `gnutls-global-deinit' when GnuTLS usage is no longer needed.
Returns zero on success.  */
static Lisp_Object
gnutls_emacs_global_init (void)
{
  int ret = GNUTLS_E_SUCCESS;

  if (!global_initialized)
    ret = gnutls_global_init ();

  global_initialized = 1;

  return gnutls_make_error (ret);
}

/* Deinitializes global GnuTLS state.
See also `gnutls-global-init'.  */
static Lisp_Object
gnutls_emacs_global_deinit (void)
{
  if (global_initialized)
    gnutls_global_deinit ();

  global_initialized = 0;

  return gnutls_make_error (GNUTLS_E_SUCCESS);
}

static void
gnutls_log_function (int level, const char* string)
{
  message ("gnutls.c: [%d] %s", level, string);
}

static void
gnutls_log_function2 (int level, const char* string, const char* extra)
{
  message ("gnutls.c: [%d] %s %s", level, string, extra);
}

DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0,
       doc: /* Initialize GnuTLS client for process PROC with TYPE+PROPLIST.
Currently only client mode is supported.  Returns a success/failure
value you can check with `gnutls-errorp'.

TYPE is a symbol, either `gnutls-anon' or `gnutls-x509pki'.
PROPLIST is a property list with the following keys:

:priority is a GnuTLS priority string, defaults to "NORMAL".
:trustfiles is a list of PEM-encoded trust files for `gnutls-x509pki'.
:keyfiles is a list of PEM-encoded key files for `gnutls-x509pki'.
:callbacks is an alist of callback functions (TODO).
:loglevel is the debug level requested from GnuTLS, try 4.

The debug level will be set for this process AND globally for GnuTLS.
So if you set it higher or lower at any point, it affects global
debugging.

Note that the priority is set on the client.  The server does not use
the protocols's priority except for disabling protocols that were not
specified.

Processes must be initialized with this function before other GnuTLS
functions are used.  This function allocates resources which can only
be deallocated by calling `gnutls-deinit' or by calling it again.

Each authentication type may need additional information in order to
work.  For X.509 PKI (`gnutls-x509pki'), you probably need at least
one trustfile (usually a CA bundle).  */)
  (Lisp_Object proc, Lisp_Object type, Lisp_Object proplist)
{
  int ret = GNUTLS_E_SUCCESS;

  int max_log_level = 0;

  /* TODO: GNUTLS_X509_FMT_DER is also an option.  */
  int file_format = GNUTLS_X509_FMT_PEM;

  gnutls_session_t state;
  gnutls_certificate_credentials_t x509_cred;
  gnutls_anon_client_credentials_t anon_cred;
  Lisp_Object global_init;
  char* priority_string_ptr = "NORMAL"; /* default priority string.  */
  Lisp_Object tail;

  /* Placeholders for the property list elements.  */
  Lisp_Object priority_string;
  Lisp_Object trustfiles;
  Lisp_Object keyfiles;
  Lisp_Object callbacks;
  Lisp_Object loglevel;

  CHECK_PROCESS (proc);
  CHECK_SYMBOL (type);
  CHECK_LIST (proplist);

  priority_string = Fplist_get (proplist, Qgnutls_bootprop_priority);
  trustfiles      = Fplist_get (proplist, Qgnutls_bootprop_trustfiles);
  keyfiles        = Fplist_get (proplist, Qgnutls_bootprop_keyfiles);
  callbacks       = Fplist_get (proplist, Qgnutls_bootprop_callbacks);
  loglevel        = Fplist_get (proplist, Qgnutls_bootprop_loglevel);

  state = XPROCESS (proc)->gnutls_state;
  XPROCESS (proc)->gnutls_p = 1;

  if (NUMBERP (loglevel))
    {
      gnutls_global_set_log_function (gnutls_log_function);
      gnutls_global_set_log_level (XINT (loglevel));
      max_log_level = XINT (loglevel);
      XPROCESS (proc)->gnutls_log_level = max_log_level;
    }

  /* always initialize globals.  */
  global_init = gnutls_emacs_global_init ();
  if (! NILP (Fgnutls_errorp (global_init)))
    return global_init;

  /* deinit and free resources.  */
  if (GNUTLS_INITSTAGE (proc) >= GNUTLS_STAGE_CRED_ALLOC)
    {
      GNUTLS_LOG (1, max_log_level, "deallocating credentials");

      if (EQ (type, Qgnutls_x509pki))
	{
          GNUTLS_LOG (2, max_log_level, "deallocating x509 credentials");
          x509_cred = XPROCESS (proc)->gnutls_x509_cred;
          gnutls_certificate_free_credentials (x509_cred);
	}
      else if (EQ (type, Qgnutls_anon))
	{
          GNUTLS_LOG (2, max_log_level, "deallocating anon credentials");
          anon_cred = XPROCESS (proc)->gnutls_anon_cred;
          gnutls_anon_free_client_credentials (anon_cred);
	}
      else
	{
          error ("unknown credential type");
          ret = GNUTLS_EMACS_ERROR_INVALID_TYPE;
	}

      if (GNUTLS_INITSTAGE (proc) >= GNUTLS_STAGE_INIT)
	{
          GNUTLS_LOG (1, max_log_level, "deallocating x509 credentials");
          Fgnutls_deinit (proc);
	}
    }

  GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_EMPTY;

  GNUTLS_LOG (1, max_log_level, "allocating credentials");

  if (EQ (type, Qgnutls_x509pki))
    {
      GNUTLS_LOG (2, max_log_level, "allocating x509 credentials");
      x509_cred = XPROCESS (proc)->gnutls_x509_cred;
      if (gnutls_certificate_allocate_credentials (&x509_cred) < 0)
        memory_full ();
    }
  else if (EQ (type, Qgnutls_anon))
    {
      GNUTLS_LOG (2, max_log_level, "allocating anon credentials");
      anon_cred = XPROCESS (proc)->gnutls_anon_cred;
      if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0)
        memory_full ();
    }
  else
    {
      error ("unknown credential type");
      ret = GNUTLS_EMACS_ERROR_INVALID_TYPE;
    }

  if (ret < GNUTLS_E_SUCCESS)
    return gnutls_make_error (ret);

  GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_CRED_ALLOC;

  if (EQ (type, Qgnutls_x509pki))
    {
      for (tail = trustfiles; !NILP (tail); tail = Fcdr (tail))
	{
	  Lisp_Object trustfile = Fcar (tail);
          if (STRINGP (trustfile))
            {
              GNUTLS_LOG2 (1, max_log_level, "setting the trustfile: ",
                           SDATA (trustfile));
              ret = gnutls_certificate_set_x509_trust_file
                (x509_cred,
                 SDATA (trustfile),
                 file_format);

              if (ret < GNUTLS_E_SUCCESS)
                return gnutls_make_error (ret);
            }
          else
            {
              error ("Sorry, GnuTLS can't use non-string trustfile %s",
                     trustfile);
            }
        }

      for (tail = keyfiles; !NILP (tail); tail = Fcdr (tail))
	{
	  Lisp_Object keyfile = Fcar (tail);
          if (STRINGP (keyfile))
            {
              GNUTLS_LOG2 (1, max_log_level, "setting the keyfile: ",
                           SDATA (keyfile));
              ret = gnutls_certificate_set_x509_crl_file
                (x509_cred,
                 SDATA (keyfile),
                 file_format);

              if (ret < GNUTLS_E_SUCCESS)
                return gnutls_make_error (ret);
            }
          else
            {
              error ("Sorry, GnuTLS can't use non-string keyfile %s",
                     keyfile);
            }
        }
    }

  GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_FILES;

  GNUTLS_LOG (1, max_log_level, "gnutls_init");

  ret = gnutls_init (&state, GNUTLS_CLIENT);

  if (ret < GNUTLS_E_SUCCESS)
    return gnutls_make_error (ret);

  XPROCESS (proc)->gnutls_state = state;

  GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_INIT;

  if (STRINGP (priority_string))
    {
      priority_string_ptr = SSDATA (priority_string);
      GNUTLS_LOG2 (1, max_log_level, "got non-default priority string:",
                   priority_string_ptr);
    }
  else
    {
      GNUTLS_LOG2 (1, max_log_level, "using default priority string:",
                   priority_string_ptr);
    }

  GNUTLS_LOG (1, max_log_level, "setting the priority string");

  ret = gnutls_priority_set_direct (state,
				    priority_string_ptr,
				    NULL);

  if (ret < GNUTLS_E_SUCCESS)
    return gnutls_make_error (ret);

  GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_PRIORITY;

  if (EQ (type, Qgnutls_x509pki))
    {
      ret = gnutls_cred_set (state, GNUTLS_CRD_CERTIFICATE, x509_cred);
    }
  else if (EQ (type, Qgnutls_anon))
    {
      ret = gnutls_cred_set (state, GNUTLS_CRD_ANON, anon_cred);
    }
  else
    {
      error ("unknown credential type");
      ret = GNUTLS_EMACS_ERROR_INVALID_TYPE;
    }

  if (ret < GNUTLS_E_SUCCESS)
    return gnutls_make_error (ret);

  XPROCESS (proc)->gnutls_anon_cred = anon_cred;
  XPROCESS (proc)->gnutls_x509_cred = x509_cred;
  XPROCESS (proc)->gnutls_cred_type = type;

  GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_CRED_SET;

  emacs_gnutls_handshake (XPROCESS (proc));

  return gnutls_make_error (GNUTLS_E_SUCCESS);
}

DEFUN ("gnutls-bye", Fgnutls_bye,
       Sgnutls_bye, 2, 2, 0,
       doc: /* Terminate current GnuTLS connection for process PROC.
The connection should have been initiated using `gnutls-handshake'.

If CONT is not nil the TLS connection gets terminated and further
receives and sends will be disallowed.  If the return value is zero you
may continue using the connection.  If CONT is nil, GnuTLS actually
sends an alert containing a close request and waits for the peer to
reply with the same message.  In order to reuse the connection you
should wait for an EOF from the peer.

This function may also return `gnutls-e-again', or
`gnutls-e-interrupted'.  */)
    (Lisp_Object proc, Lisp_Object cont)
{
  gnutls_session_t state;
  int ret;

  CHECK_PROCESS (proc);

  state = XPROCESS (proc)->gnutls_state;

  ret = gnutls_bye (state,
                    NILP (cont) ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR);

  return gnutls_make_error (ret);
}

void
syms_of_gnutls (void)
{
  global_initialized = 0;

  Qgnutls_code = intern_c_string ("gnutls-code");
  staticpro (&Qgnutls_code);

  Qgnutls_anon = intern_c_string ("gnutls-anon");
  staticpro (&Qgnutls_anon);

  Qgnutls_x509pki = intern_c_string ("gnutls-x509pki");
  staticpro (&Qgnutls_x509pki);

  Qgnutls_bootprop_priority = intern_c_string (":priority");
  staticpro (&Qgnutls_bootprop_priority);

  Qgnutls_bootprop_trustfiles = intern_c_string (":trustfiles");
  staticpro (&Qgnutls_bootprop_trustfiles);

  Qgnutls_bootprop_keyfiles = intern_c_string (":keyfiles");
  staticpro (&Qgnutls_bootprop_keyfiles);

  Qgnutls_bootprop_callbacks = intern_c_string (":callbacks");
  staticpro (&Qgnutls_bootprop_callbacks);

  Qgnutls_bootprop_loglevel = intern_c_string (":loglevel");
  staticpro (&Qgnutls_bootprop_loglevel);

  Qgnutls_e_interrupted = intern_c_string ("gnutls-e-interrupted");
  staticpro (&Qgnutls_e_interrupted);
  Fput (Qgnutls_e_interrupted, Qgnutls_code,
        make_number (GNUTLS_E_INTERRUPTED));

  Qgnutls_e_again = intern_c_string ("gnutls-e-again");
  staticpro (&Qgnutls_e_again);
  Fput (Qgnutls_e_again, Qgnutls_code,
        make_number (GNUTLS_E_AGAIN));

  Qgnutls_e_invalid_session = intern_c_string ("gnutls-e-invalid-session");
  staticpro (&Qgnutls_e_invalid_session);
  Fput (Qgnutls_e_invalid_session, Qgnutls_code,
        make_number (GNUTLS_E_INVALID_SESSION));

  Qgnutls_e_not_ready_for_handshake =
    intern_c_string ("gnutls-e-not-ready-for-handshake");
  staticpro (&Qgnutls_e_not_ready_for_handshake);
  Fput (Qgnutls_e_not_ready_for_handshake, Qgnutls_code,
        make_number (GNUTLS_E_APPLICATION_ERROR_MIN));

  defsubr (&Sgnutls_get_initstage);
  defsubr (&Sgnutls_errorp);
  defsubr (&Sgnutls_error_fatalp);
  defsubr (&Sgnutls_error_string);
  defsubr (&Sgnutls_boot);
  defsubr (&Sgnutls_deinit);
  defsubr (&Sgnutls_bye);
}
#endif
Commit	Line	Data
8af55556	1	/* GnuTLS glue for GNU Emacs.
d0d4361d	2	Copyright (C) 2010, 2011 Free Software Foundation, Inc.
8af55556 TZ	3
	4	This file is part of GNU Emacs.
	5
	6	GNU Emacs is free software: you can redistribute it and/or modify
	7	it under the terms of the GNU General Public License as published by
	8	the Free Software Foundation, either version 3 of the License, or
	9	(at your option) any later version.
	10
	11	GNU Emacs is distributed in the hope that it will be useful,
	12	but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	GNU General Public License for more details.
	15
	16	You should have received a copy of the GNU General Public License
	17	along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. */
	18
	19	#include <config.h>
	20	#include <errno.h>
	21	#include <setjmp.h>
	22
	23	#include "lisp.h"
	24	#include "process.h"
	25
	26	#ifdef HAVE_GNUTLS
	27	#include <gnutls/gnutls.h>
	28
	29	Lisp_Object Qgnutls_code;
	30	Lisp_Object Qgnutls_anon, Qgnutls_x509pki;
	31	Lisp_Object Qgnutls_e_interrupted, Qgnutls_e_again,
	32	Qgnutls_e_invalid_session, Qgnutls_e_not_ready_for_handshake;
	33	int global_initialized;
	34
c1ae068b LMI	35	/* The following are for the property list of `gnutls-boot'. */
	36	Lisp_Object Qgnutls_bootprop_priority;
	37	Lisp_Object Qgnutls_bootprop_trustfiles;
	38	Lisp_Object Qgnutls_bootprop_keyfiles;
	39	Lisp_Object Qgnutls_bootprop_callbacks;
	40	Lisp_Object Qgnutls_bootprop_loglevel;
	41
74f1829d	42	static void
bac5cef8 LMI	43	emacs_gnutls_handshake (struct Lisp_Process *proc)
	44	{
	45	gnutls_session_t state = proc->gnutls_state;
	46	int ret;
	47
	48	if (proc->gnutls_initstage < GNUTLS_STAGE_HANDSHAKE_CANDO)
	49	return;
	50
	51	if (proc->gnutls_initstage < GNUTLS_STAGE_TRANSPORT_POINTERS_SET)
e6059fa2	52	{
c1ae068b LMI	53	/* This is how GnuTLS takes sockets: as file descriptors passed
	54	in. For an Emacs process socket, infd and outfd are the
	55	same but we use this two-argument version for clarity. */
e6059fa2 LMI	56	gnutls_transport_set_ptr2 (state,
	57	(gnutls_transport_ptr_t) (long) proc->infd,
	58	(gnutls_transport_ptr_t) (long) proc->outfd);
bac5cef8	59
e6059fa2 LMI	60	proc->gnutls_initstage = GNUTLS_STAGE_TRANSPORT_POINTERS_SET;
e6059fa2 LMI	61	}
bac5cef8 LMI	62
	63	ret = gnutls_handshake (state);
	64	proc->gnutls_initstage = GNUTLS_STAGE_HANDSHAKE_TRIED;
	65
	66	if (ret == GNUTLS_E_SUCCESS)
e6059fa2 LMI	67	{
	68	/* here we're finally done. */
	69	proc->gnutls_initstage = GNUTLS_STAGE_READY;
	70	}
bac5cef8 LMI	71	}
bac5cef8 LMI	72
8af55556	73	int
df7fcaff	74	emacs_gnutls_write (int fildes, struct Lisp_Process proc, char buf,
8af55556 TZ	75	unsigned int nbyte)
	76	{
	77	register int rtnval, bytes_written;
df7fcaff LMI	78	gnutls_session_t state = proc->gnutls_state;
df7fcaff LMI	79
355cdaf3 LMI	80	if (proc->gnutls_initstage != GNUTLS_STAGE_READY) {
	81	#ifdef EWOULDBLOCK
	82	errno = EWOULDBLOCK;
	83	#endif
	84	#ifdef EAGAIN
	85	errno = EAGAIN;
	86	#endif
e6059fa2	87	return -1;
355cdaf3	88	}
8af55556 TZ	89
	90	bytes_written = 0;
	91
	92	while (nbyte > 0)
	93	{
	94	rtnval = gnutls_write (state, buf, nbyte);
	95
2e6c74c5	96	if (rtnval < 0)
8af55556	97	{
2e6c74c5	98	if (rtnval == GNUTLS_E_AGAIN \|\| rtnval == GNUTLS_E_INTERRUPTED)
8af55556 TZ	99	continue;
	100	else
	101	return (bytes_written ? bytes_written : -1);
	102	}
	103
	104	buf += rtnval;
	105	nbyte -= rtnval;
	106	bytes_written += rtnval;
	107	}
8af55556 TZ	108
	109	return (bytes_written);
	110	}
	111
	112	int
df7fcaff	113	emacs_gnutls_read (int fildes, struct Lisp_Process proc, char buf,
8af55556 TZ	114	unsigned int nbyte)
	115	{
	116	register int rtnval;
df7fcaff LMI	117	gnutls_session_t state = proc->gnutls_state;
df7fcaff LMI	118
e6059fa2 LMI	119	if (proc->gnutls_initstage != GNUTLS_STAGE_READY)
	120	{
	121	emacs_gnutls_handshake (proc);
	122	return -1;
	123	}
8af55556	124
ec9f09be LMI	125	rtnval = gnutls_read (state, buf, nbyte);
	126	if (rtnval >= 0)
	127	return rtnval;
4b2d9ec2 LMI	128	else {
	129	if (rtnval == GNUTLS_E_AGAIN \|\|
	130	rtnval == GNUTLS_E_INTERRUPTED)
	131	return -1;
	132	else
	133	return 0;
	134	}
8af55556 TZ	135	}
	136
	137	/* convert an integer error to a Lisp_Object; it will be either a
	138	known symbol like `gnutls_e_interrupted' and `gnutls_e_again' or
	139	simply the integer value of the error. GNUTLS_E_SUCCESS is mapped
	140	to Qt. */
74f1829d JB	141	static Lisp_Object
74f1829d JB	142	gnutls_make_error (int error)
8af55556 TZ	143	{
8af55556 TZ	144	switch (error)
e6059fa2 LMI	145	{
	146	case GNUTLS_E_SUCCESS:
	147	return Qt;
	148	case GNUTLS_E_AGAIN:
	149	return Qgnutls_e_again;
	150	case GNUTLS_E_INTERRUPTED:
	151	return Qgnutls_e_interrupted;
	152	case GNUTLS_E_INVALID_SESSION:
	153	return Qgnutls_e_invalid_session;
	154	}
8af55556 TZ	155
	156	return make_number (error);
	157	}
	158
	159	DEFUN ("gnutls-get-initstage", Fgnutls_get_initstage, Sgnutls_get_initstage, 1, 1, 0,
74f1829d	160	doc: /* Return the GnuTLS init stage of process PROC.
8af55556	161	See also `gnutls-boot'. */)
74f1829d	162	(Lisp_Object proc)
8af55556 TZ	163	{
	164	CHECK_PROCESS (proc);
	165
	166	return make_number (GNUTLS_INITSTAGE (proc));
	167	}
	168
	169	DEFUN ("gnutls-errorp", Fgnutls_errorp, Sgnutls_errorp, 1, 1, 0,
74f1829d JB	170	doc: /* Return t if ERROR indicates a GnuTLS problem.
	171	ERROR is an integer or a symbol with an integer `gnutls-code' property.
	172	usage: (gnutls-errorp ERROR) */)
	173	(Lisp_Object err)
8af55556	174	{
74f1829d	175	if (EQ (err, Qt)) return Qnil;
8af55556 TZ	176
	177	return Qt;
	178	}
	179
	180	DEFUN ("gnutls-error-fatalp", Fgnutls_error_fatalp, Sgnutls_error_fatalp, 1, 1, 0,
74f1829d JB	181	doc: /* Check if ERROR is fatal.
	182	ERROR is an integer or a symbol with an integer `gnutls-code' property.
	183	usage: (gnutls-error-fatalp ERROR) */)
	184	(Lisp_Object err)
8af55556 TZ	185	{
	186	Lisp_Object code;
	187
	188	if (EQ (err, Qt)) return Qnil;
	189
	190	if (SYMBOLP (err))
8af55556	191	{
e6059fa2 LMI	192	code = Fget (err, Qgnutls_code);
	193	if (NUMBERP (code))
	194	{
	195	err = code;
	196	}
	197	else
	198	{
	199	error ("Symbol has no numeric gnutls-code property");
	200	}
8af55556	201	}
8af55556 TZ	202
	203	if (!NUMBERP (err))
	204	error ("Not an error symbol or code");
	205
	206	if (0 == gnutls_error_is_fatal (XINT (err)))
	207	return Qnil;
	208
	209	return Qt;
	210	}
	211
	212	DEFUN ("gnutls-error-string", Fgnutls_error_string, Sgnutls_error_string, 1, 1, 0,
74f1829d JB	213	doc: /* Return a description of ERROR.
	214	ERROR is an integer or a symbol with an integer `gnutls-code' property.
	215	usage: (gnutls-error-string ERROR) */)
	216	(Lisp_Object err)
8af55556 TZ	217	{
	218	Lisp_Object code;
	219
	220	if (EQ (err, Qt)) return build_string ("Not an error");
	221
	222	if (SYMBOLP (err))
8af55556	223	{
e6059fa2 LMI	224	code = Fget (err, Qgnutls_code);
	225	if (NUMBERP (code))
	226	{
	227	err = code;
	228	}
	229	else
	230	{
	231	return build_string ("Symbol has no numeric gnutls-code property");
	232	}
8af55556	233	}
8af55556 TZ	234
	235	if (!NUMBERP (err))
	236	return build_string ("Not an error symbol or code");
	237
	238	return build_string (gnutls_strerror (XINT (err)));
	239	}
	240
	241	DEFUN ("gnutls-deinit", Fgnutls_deinit, Sgnutls_deinit, 1, 1, 0,
e1b69165	242	doc: /* Deallocate GnuTLS resources associated with process PROC.
8af55556	243	See also `gnutls-init'. */)
74f1829d	244	(Lisp_Object proc)
8af55556 TZ	245	{
	246	gnutls_session_t state;
	247
	248	CHECK_PROCESS (proc);
	249	state = XPROCESS (proc)->gnutls_state;
	250
	251	if (GNUTLS_INITSTAGE (proc) >= GNUTLS_STAGE_INIT)
e6059fa2	252	{
8af55556 TZ	253	gnutls_deinit (state);
8af55556 TZ	254	GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_INIT - 1;
e6059fa2	255	}
8af55556 TZ	256
	257	return Qt;
	258	}
	259
e1b69165 JB	260	/* Initializes global GnuTLS state to defaults.
e1b69165 JB	261	Call `gnutls-global-deinit' when GnuTLS usage is no longer needed.
8af55556	262	Returns zero on success. */
74f1829d JB	263	static Lisp_Object
74f1829d JB	264	gnutls_emacs_global_init (void)
8af55556 TZ	265	{
	266	int ret = GNUTLS_E_SUCCESS;
	267
	268	if (!global_initialized)
	269	ret = gnutls_global_init ();
	270
	271	global_initialized = 1;
	272
	273	return gnutls_make_error (ret);
	274	}
	275
e1b69165	276	/* Deinitializes global GnuTLS state.
8af55556	277	See also `gnutls-global-init'. */
74f1829d JB	278	static Lisp_Object
74f1829d JB	279	gnutls_emacs_global_deinit (void)
8af55556 TZ	280	{
	281	if (global_initialized)
	282	gnutls_global_deinit ();
	283
	284	global_initialized = 0;
	285
	286	return gnutls_make_error (GNUTLS_E_SUCCESS);
	287	}
	288
74f1829d JB	289	static void
74f1829d JB	290	gnutls_log_function (int level, const char* string)
8ed70bf3	291	{
74f1829d	292	message ("gnutls.c: [%d] %s", level, string);
d2e9d0bb LMI	293	}
d2e9d0bb LMI	294
c1ae068b LMI	295	static void
	296	gnutls_log_function2 (int level, const char* string, const char* extra)
	297	{
	298	message ("gnutls.c: [%d] %s %s", level, string, extra);
	299	}
	300
	301	DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0,
	302	doc: /* Initialize GnuTLS client for process PROC with TYPE+PROPLIST.
8af55556 TZ	303	Currently only client mode is supported. Returns a success/failure
	304	value you can check with `gnutls-errorp'.
	305
c1ae068b LMI	306	TYPE is a symbol, either `gnutls-anon' or `gnutls-x509pki'.
	307	PROPLIST is a property list with the following keys:
	308
	309	:priority is a GnuTLS priority string, defaults to "NORMAL".
	310	:trustfiles is a list of PEM-encoded trust files for `gnutls-x509pki'.
	311	:keyfiles is a list of PEM-encoded key files for `gnutls-x509pki'.
	312	:callbacks is an alist of callback functions (TODO).
	313	:loglevel is the debug level requested from GnuTLS, try 4.
8ed70bf3	314
c1ae068b LMI	315	The debug level will be set for this process AND globally for GnuTLS.
	316	So if you set it higher or lower at any point, it affects global
	317	debugging.
8af55556 TZ	318
	319	Note that the priority is set on the client. The server does not use
	320	the protocols's priority except for disabling protocols that were not
	321	specified.
	322
74f1829d	323	Processes must be initialized with this function before other GnuTLS
8af55556 TZ	324	functions are used. This function allocates resources which can only
	325	be deallocated by calling `gnutls-deinit' or by calling it again.
	326
	327	Each authentication type may need additional information in order to
c1ae068b LMI	328	work. For X.509 PKI (`gnutls-x509pki'), you probably need at least
	329	one trustfile (usually a CA bundle). */)
	330	(Lisp_Object proc, Lisp_Object type, Lisp_Object proplist)
8af55556 TZ	331	{
	332	int ret = GNUTLS_E_SUCCESS;
	333
8ed70bf3 LMI	334	int max_log_level = 0;
8ed70bf3 LMI	335
8af55556 TZ	336	/* TODO: GNUTLS_X509_FMT_DER is also an option. */
	337	int file_format = GNUTLS_X509_FMT_PEM;
	338
	339	gnutls_session_t state;
	340	gnutls_certificate_credentials_t x509_cred;
	341	gnutls_anon_client_credentials_t anon_cred;
8af55556	342	Lisp_Object global_init;
c1ae068b LMI	343	char* priority_string_ptr = "NORMAL"; /* default priority string. */
	344	Lisp_Object tail;
	345
	346	/* Placeholders for the property list elements. */
	347	Lisp_Object priority_string;
	348	Lisp_Object trustfiles;
	349	Lisp_Object keyfiles;
	350	Lisp_Object callbacks;
	351	Lisp_Object loglevel;
8af55556 TZ	352
	353	CHECK_PROCESS (proc);
	354	CHECK_SYMBOL (type);
c1ae068b LMI	355	CHECK_LIST (proplist);
	356
	357	priority_string = Fplist_get (proplist, Qgnutls_bootprop_priority);
	358	trustfiles = Fplist_get (proplist, Qgnutls_bootprop_trustfiles);
	359	keyfiles = Fplist_get (proplist, Qgnutls_bootprop_keyfiles);
	360	callbacks = Fplist_get (proplist, Qgnutls_bootprop_callbacks);
	361	loglevel = Fplist_get (proplist, Qgnutls_bootprop_loglevel);
8af55556 TZ	362
8af55556 TZ	363	state = XPROCESS (proc)->gnutls_state;
df7fcaff	364	XPROCESS (proc)->gnutls_p = 1;
8af55556	365
8ed70bf3 LMI	366	if (NUMBERP (loglevel))
8ed70bf3 LMI	367	{
8ed70bf3 LMI	368	gnutls_global_set_log_function (gnutls_log_function);
	369	gnutls_global_set_log_level (XINT (loglevel));
	370	max_log_level = XINT (loglevel);
	371	XPROCESS (proc)->gnutls_log_level = max_log_level;
	372	}
df7fcaff	373
8af55556 TZ	374	/* always initialize globals. */
	375	global_init = gnutls_emacs_global_init ();
	376	if (! NILP (Fgnutls_errorp (global_init)))
	377	return global_init;
	378
	379	/* deinit and free resources. */
	380	if (GNUTLS_INITSTAGE (proc) >= GNUTLS_STAGE_CRED_ALLOC)
e6059fa2	381	{
8ed70bf3 LMI	382	GNUTLS_LOG (1, max_log_level, "deallocating credentials");
8ed70bf3 LMI	383
8af55556	384	if (EQ (type, Qgnutls_x509pki))
e6059fa2	385	{
8ed70bf3 LMI	386	GNUTLS_LOG (2, max_log_level, "deallocating x509 credentials");
8ed70bf3 LMI	387	x509_cred = XPROCESS (proc)->gnutls_x509_cred;
8af55556	388	gnutls_certificate_free_credentials (x509_cred);
e6059fa2	389	}
8af55556	390	else if (EQ (type, Qgnutls_anon))
e6059fa2	391	{
8ed70bf3 LMI	392	GNUTLS_LOG (2, max_log_level, "deallocating anon credentials");
8ed70bf3 LMI	393	anon_cred = XPROCESS (proc)->gnutls_anon_cred;
8af55556	394	gnutls_anon_free_client_credentials (anon_cred);
e6059fa2	395	}
8af55556	396	else
e6059fa2	397	{
8af55556 TZ	398	error ("unknown credential type");
8af55556 TZ	399	ret = GNUTLS_EMACS_ERROR_INVALID_TYPE;
e6059fa2	400	}
8af55556 TZ	401
8af55556 TZ	402	if (GNUTLS_INITSTAGE (proc) >= GNUTLS_STAGE_INIT)
e6059fa2	403	{
8ed70bf3	404	GNUTLS_LOG (1, max_log_level, "deallocating x509 credentials");
8af55556	405	Fgnutls_deinit (proc);
e6059fa2 LMI	406	}
e6059fa2 LMI	407	}
8af55556 TZ	408
	409	GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_EMPTY;
	410
8ed70bf3 LMI	411	GNUTLS_LOG (1, max_log_level, "allocating credentials");
8ed70bf3 LMI	412
8af55556	413	if (EQ (type, Qgnutls_x509pki))
e6059fa2	414	{
8ed70bf3 LMI	415	GNUTLS_LOG (2, max_log_level, "allocating x509 credentials");
8ed70bf3 LMI	416	x509_cred = XPROCESS (proc)->gnutls_x509_cred;
8af55556 TZ	417	if (gnutls_certificate_allocate_credentials (&x509_cred) < 0)
8af55556 TZ	418	memory_full ();
e6059fa2	419	}
8af55556	420	else if (EQ (type, Qgnutls_anon))
e6059fa2	421	{
8ed70bf3 LMI	422	GNUTLS_LOG (2, max_log_level, "allocating anon credentials");
8ed70bf3 LMI	423	anon_cred = XPROCESS (proc)->gnutls_anon_cred;
8af55556 TZ	424	if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0)
8af55556 TZ	425	memory_full ();
e6059fa2	426	}
8af55556	427	else
e6059fa2	428	{
8af55556 TZ	429	error ("unknown credential type");
8af55556 TZ	430	ret = GNUTLS_EMACS_ERROR_INVALID_TYPE;
e6059fa2	431	}
8af55556 TZ	432
8af55556 TZ	433	if (ret < GNUTLS_E_SUCCESS)
e6059fa2	434	return gnutls_make_error (ret);
8af55556 TZ	435
	436	GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_CRED_ALLOC;
	437
8af55556	438	if (EQ (type, Qgnutls_x509pki))
e6059fa2	439	{
c1ae068b	440	for (tail = trustfiles; !NILP (tail); tail = Fcdr (tail))
e6059fa2	441	{
c1ae068b LMI	442	Lisp_Object trustfile = Fcar (tail);
	443	if (STRINGP (trustfile))
	444	{
	445	GNUTLS_LOG2 (1, max_log_level, "setting the trustfile: ",
	446	SDATA (trustfile));
	447	ret = gnutls_certificate_set_x509_trust_file
	448	(x509_cred,
	449	SDATA (trustfile),
	450	file_format);
51b59d79	451
c1ae068b LMI	452	if (ret < GNUTLS_E_SUCCESS)
	453	return gnutls_make_error (ret);
	454	}
	455	else
	456	{
	457	error ("Sorry, GnuTLS can't use non-string trustfile %s",
	458	trustfile);
	459	}
	460	}
8af55556	461
c1ae068b	462	for (tail = keyfiles; !NILP (tail); tail = Fcdr (tail))
e6059fa2	463	{
c1ae068b LMI	464	Lisp_Object keyfile = Fcar (tail);
	465	if (STRINGP (keyfile))
	466	{
	467	GNUTLS_LOG2 (1, max_log_level, "setting the keyfile: ",
	468	SDATA (keyfile));
	469	ret = gnutls_certificate_set_x509_crl_file
	470	(x509_cred,
	471	SDATA (keyfile),
	472	file_format);
51b59d79	473
c1ae068b LMI	474	if (ret < GNUTLS_E_SUCCESS)
	475	return gnutls_make_error (ret);
	476	}
	477	else
	478	{
	479	error ("Sorry, GnuTLS can't use non-string keyfile %s",
	480	keyfile);
	481	}
	482	}
e6059fa2	483	}
8af55556 TZ	484
	485	GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_FILES;
	486
8ed70bf3 LMI	487	GNUTLS_LOG (1, max_log_level, "gnutls_init");
8ed70bf3 LMI	488
8af55556 TZ	489	ret = gnutls_init (&state, GNUTLS_CLIENT);
	490
	491	if (ret < GNUTLS_E_SUCCESS)
e6059fa2	492	return gnutls_make_error (ret);
8af55556 TZ	493
	494	XPROCESS (proc)->gnutls_state = state;
	495
	496	GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_INIT;
	497
c1ae068b LMI	498	if (STRINGP (priority_string))
c1ae068b LMI	499	{
51b59d79	500	priority_string_ptr = SSDATA (priority_string);
c1ae068b LMI	501	GNUTLS_LOG2 (1, max_log_level, "got non-default priority string:",
	502	priority_string_ptr);
	503	}
	504	else
	505	{
	506	GNUTLS_LOG2 (1, max_log_level, "using default priority string:",
	507	priority_string_ptr);
	508	}
51b59d79	509
8ed70bf3 LMI	510	GNUTLS_LOG (1, max_log_level, "setting the priority string");
8ed70bf3 LMI	511
74f1829d	512	ret = gnutls_priority_set_direct (state,
c1ae068b	513	priority_string_ptr,
74f1829d	514	NULL);
8af55556 TZ	515
8af55556 TZ	516	if (ret < GNUTLS_E_SUCCESS)
e6059fa2	517	return gnutls_make_error (ret);
8af55556 TZ	518
	519	GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_PRIORITY;
	520
8af55556	521	if (EQ (type, Qgnutls_x509pki))
e6059fa2	522	{
8af55556	523	ret = gnutls_cred_set (state, GNUTLS_CRD_CERTIFICATE, x509_cred);
e6059fa2	524	}
8af55556	525	else if (EQ (type, Qgnutls_anon))
e6059fa2	526	{
8af55556	527	ret = gnutls_cred_set (state, GNUTLS_CRD_ANON, anon_cred);
e6059fa2	528	}
8af55556	529	else
e6059fa2	530	{
8af55556 TZ	531	error ("unknown credential type");
8af55556 TZ	532	ret = GNUTLS_EMACS_ERROR_INVALID_TYPE;
e6059fa2	533	}
8af55556 TZ	534
8af55556 TZ	535	if (ret < GNUTLS_E_SUCCESS)
e6059fa2	536	return gnutls_make_error (ret);
8af55556	537
8ed70bf3 LMI	538	XPROCESS (proc)->gnutls_anon_cred = anon_cred;
8ed70bf3 LMI	539	XPROCESS (proc)->gnutls_x509_cred = x509_cred;
8af55556 TZ	540	XPROCESS (proc)->gnutls_cred_type = type;
	541
	542	GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_CRED_SET;
	543
bac5cef8 LMI	544	emacs_gnutls_handshake (XPROCESS (proc));
bac5cef8 LMI	545
8af55556 TZ	546	return gnutls_make_error (GNUTLS_E_SUCCESS);
	547	}
	548
	549	DEFUN ("gnutls-bye", Fgnutls_bye,
	550	Sgnutls_bye, 2, 2, 0,
74f1829d	551	doc: /* Terminate current GnuTLS connection for process PROC.
8af55556 TZ	552	The connection should have been initiated using `gnutls-handshake'.
	553
	554	If CONT is not nil the TLS connection gets terminated and further
74f1829d	555	receives and sends will be disallowed. If the return value is zero you
8af55556 TZ	556	may continue using the connection. If CONT is nil, GnuTLS actually
	557	sends an alert containing a close request and waits for the peer to
	558	reply with the same message. In order to reuse the connection you
	559	should wait for an EOF from the peer.
	560
	561	This function may also return `gnutls-e-again', or
	562	`gnutls-e-interrupted'. */)
	563	(Lisp_Object proc, Lisp_Object cont)
	564	{
	565	gnutls_session_t state;
	566	int ret;
	567
	568	CHECK_PROCESS (proc);
	569
	570	state = XPROCESS (proc)->gnutls_state;
	571
	572	ret = gnutls_bye (state,
	573	NILP (cont) ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR);
	574
	575	return gnutls_make_error (ret);
	576	}
	577
8af55556 TZ	578	void
	579	syms_of_gnutls (void)
	580	{
	581	global_initialized = 0;
	582
	583	Qgnutls_code = intern_c_string ("gnutls-code");
	584	staticpro (&Qgnutls_code);
	585
	586	Qgnutls_anon = intern_c_string ("gnutls-anon");
	587	staticpro (&Qgnutls_anon);
	588
	589	Qgnutls_x509pki = intern_c_string ("gnutls-x509pki");
	590	staticpro (&Qgnutls_x509pki);
	591
b845653d	592	Qgnutls_bootprop_priority = intern_c_string (":priority");
c1ae068b LMI	593	staticpro (&Qgnutls_bootprop_priority);
c1ae068b LMI	594
b845653d	595	Qgnutls_bootprop_trustfiles = intern_c_string (":trustfiles");
c1ae068b LMI	596	staticpro (&Qgnutls_bootprop_trustfiles);
c1ae068b LMI	597
b845653d	598	Qgnutls_bootprop_keyfiles = intern_c_string (":keyfiles");
c1ae068b LMI	599	staticpro (&Qgnutls_bootprop_keyfiles);
c1ae068b LMI	600
b845653d	601	Qgnutls_bootprop_callbacks = intern_c_string (":callbacks");
c1ae068b LMI	602	staticpro (&Qgnutls_bootprop_callbacks);
c1ae068b LMI	603
b845653d	604	Qgnutls_bootprop_loglevel = intern_c_string (":loglevel");
c1ae068b LMI	605	staticpro (&Qgnutls_bootprop_loglevel);
c1ae068b LMI	606
8af55556 TZ	607	Qgnutls_e_interrupted = intern_c_string ("gnutls-e-interrupted");
	608	staticpro (&Qgnutls_e_interrupted);
	609	Fput (Qgnutls_e_interrupted, Qgnutls_code,
	610	make_number (GNUTLS_E_INTERRUPTED));
	611
	612	Qgnutls_e_again = intern_c_string ("gnutls-e-again");
	613	staticpro (&Qgnutls_e_again);
	614	Fput (Qgnutls_e_again, Qgnutls_code,
	615	make_number (GNUTLS_E_AGAIN));
	616
	617	Qgnutls_e_invalid_session = intern_c_string ("gnutls-e-invalid-session");
	618	staticpro (&Qgnutls_e_invalid_session);
	619	Fput (Qgnutls_e_invalid_session, Qgnutls_code,
	620	make_number (GNUTLS_E_INVALID_SESSION));
	621
	622	Qgnutls_e_not_ready_for_handshake =
	623	intern_c_string ("gnutls-e-not-ready-for-handshake");
	624	staticpro (&Qgnutls_e_not_ready_for_handshake);
	625	Fput (Qgnutls_e_not_ready_for_handshake, Qgnutls_code,
	626	make_number (GNUTLS_E_APPLICATION_ERROR_MIN));
	627
	628	defsubr (&Sgnutls_get_initstage);
	629	defsubr (&Sgnutls_errorp);
	630	defsubr (&Sgnutls_error_fatalp);
	631	defsubr (&Sgnutls_error_string);
	632	defsubr (&Sgnutls_boot);
	633	defsubr (&Sgnutls_deinit);
8af55556 TZ	634	defsubr (&Sgnutls_bye);
	635	}
	636	#endif