[bpt/emacs.git] / src / gnutls.c

/* GnuTLS glue for GNU Emacs.
   Copyright (C) 2010-2011  Free Software Foundation, Inc.

This file is part of GNU Emacs.

GNU Emacs is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

GNU Emacs is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with GNU Emacs.  If not, see <http://www.gnu.org/licenses/>.  */

#include <config.h>
#include <errno.h>
#include <setjmp.h>

#include "lisp.h"
#include "process.h"

#ifdef HAVE_GNUTLS
#include <gnutls/gnutls.h>

Lisp_Object Qgnutls_code;
Lisp_Object Qgnutls_anon, Qgnutls_x509pki;
Lisp_Object Qgnutls_e_interrupted, Qgnutls_e_again,
  Qgnutls_e_invalid_session, Qgnutls_e_not_ready_for_handshake;
int global_initialized;

/* The following are for the property list of `gnutls-boot'.  */
Lisp_Object Qgnutls_bootprop_priority;
Lisp_Object Qgnutls_bootprop_trustfiles;
Lisp_Object Qgnutls_bootprop_keyfiles;
Lisp_Object Qgnutls_bootprop_callbacks;
Lisp_Object Qgnutls_bootprop_loglevel;

static void
emacs_gnutls_handshake (struct Lisp_Process *proc)
{
  gnutls_session_t state = proc->gnutls_state;
  int ret;

  if (proc->gnutls_initstage < GNUTLS_STAGE_HANDSHAKE_CANDO)
    return;

  if (proc->gnutls_initstage < GNUTLS_STAGE_TRANSPORT_POINTERS_SET)
    {
      /* This is how GnuTLS takes sockets: as file descriptors passed
         in.  For an Emacs process socket, infd and outfd are the
         same but we use this two-argument version for clarity.  */
      gnutls_transport_set_ptr2 (state,
				 (gnutls_transport_ptr_t) (long) proc->infd,
				 (gnutls_transport_ptr_t) (long) proc->outfd);

      proc->gnutls_initstage = GNUTLS_STAGE_TRANSPORT_POINTERS_SET;
    }

  ret = gnutls_handshake (state);
  proc->gnutls_initstage = GNUTLS_STAGE_HANDSHAKE_TRIED;

  if (ret == GNUTLS_E_SUCCESS)
    {
      /* here we're finally done.  */
      proc->gnutls_initstage = GNUTLS_STAGE_READY;
    }
}

ssize_t
emacs_gnutls_write (int fildes, struct Lisp_Process *proc, const char *buf,
                    size_t nbyte)
{
  ssize_t rtnval;
  size_t bytes_written;
  gnutls_session_t state = proc->gnutls_state;

  if (proc->gnutls_initstage != GNUTLS_STAGE_READY) {
#ifdef EWOULDBLOCK
    errno = EWOULDBLOCK;
#endif
#ifdef EAGAIN
    errno = EAGAIN;
#endif
    return -1;
  }

  bytes_written = 0;

  while (nbyte > 0)
    {
      rtnval = gnutls_write (state, buf, nbyte);

      if (rtnval < 0)
        {
          if (rtnval == GNUTLS_E_AGAIN || rtnval == GNUTLS_E_INTERRUPTED)
            continue;
          else
            return (bytes_written ? bytes_written : -1);
        }

      buf += rtnval;
      nbyte -= rtnval;
      bytes_written += rtnval;
    }

  return (bytes_written);
}

ssize_t
emacs_gnutls_read (int fildes, struct Lisp_Process *proc, char *buf,
                   size_t nbyte)
{
  ssize_t rtnval;
  gnutls_session_t state = proc->gnutls_state;

  if (proc->gnutls_initstage != GNUTLS_STAGE_READY)
    {
      emacs_gnutls_handshake (proc);
      return -1;
    }

  rtnval = gnutls_read (state, buf, nbyte);
  if (rtnval >= 0)
    return rtnval;
  else {
    if (rtnval == GNUTLS_E_AGAIN ||
	rtnval == GNUTLS_E_INTERRUPTED)
      return -1;
    else
      return 0;
  }
}

/* convert an integer error to a Lisp_Object; it will be either a
   known symbol like `gnutls_e_interrupted' and `gnutls_e_again' or
   simply the integer value of the error.  GNUTLS_E_SUCCESS is mapped
   to Qt.  */
static Lisp_Object
gnutls_make_error (int error)
{
  switch (error)
    {
    case GNUTLS_E_SUCCESS:
      return Qt;
    case GNUTLS_E_AGAIN:
      return Qgnutls_e_again;
    case GNUTLS_E_INTERRUPTED:
      return Qgnutls_e_interrupted;
    case GNUTLS_E_INVALID_SESSION:
      return Qgnutls_e_invalid_session;
    }

  return make_number (error);
}

DEFUN ("gnutls-get-initstage", Fgnutls_get_initstage, Sgnutls_get_initstage, 1, 1, 0,
       doc: /* Return the GnuTLS init stage of process PROC.
See also `gnutls-boot'.  */)
  (Lisp_Object proc)
{
  CHECK_PROCESS (proc);

  return make_number (GNUTLS_INITSTAGE (proc));
}

DEFUN ("gnutls-errorp", Fgnutls_errorp, Sgnutls_errorp, 1, 1, 0,
       doc: /* Return t if ERROR indicates a GnuTLS problem.
ERROR is an integer or a symbol with an integer `gnutls-code' property.
usage: (gnutls-errorp ERROR)  */)
  (Lisp_Object err)
{
  if (EQ (err, Qt)) return Qnil;

  return Qt;
}

DEFUN ("gnutls-error-fatalp", Fgnutls_error_fatalp, Sgnutls_error_fatalp, 1, 1, 0,
       doc: /* Check if ERROR is fatal.
ERROR is an integer or a symbol with an integer `gnutls-code' property.
usage: (gnutls-error-fatalp ERROR)  */)
  (Lisp_Object err)
{
  Lisp_Object code;

  if (EQ (err, Qt)) return Qnil;

  if (SYMBOLP (err))
    {
      code = Fget (err, Qgnutls_code);
      if (NUMBERP (code))
	{
	  err = code;
	}
      else
	{
	  error ("Symbol has no numeric gnutls-code property");
	}
    }

  if (!NUMBERP (err))
    error ("Not an error symbol or code");

  if (0 == gnutls_error_is_fatal (XINT (err)))
    return Qnil;

  return Qt;
}

DEFUN ("gnutls-error-string", Fgnutls_error_string, Sgnutls_error_string, 1, 1, 0,
       doc: /* Return a description of ERROR.
ERROR is an integer or a symbol with an integer `gnutls-code' property.
usage: (gnutls-error-string ERROR)  */)
  (Lisp_Object err)
{
  Lisp_Object code;

  if (EQ (err, Qt)) return build_string ("Not an error");

  if (SYMBOLP (err))
    {
      code = Fget (err, Qgnutls_code);
      if (NUMBERP (code))
	{
	  err = code;
	}
      else
	{
	  return build_string ("Symbol has no numeric gnutls-code property");
	}
    }

  if (!NUMBERP (err))
    return build_string ("Not an error symbol or code");

  return build_string (gnutls_strerror (XINT (err)));
}

DEFUN ("gnutls-deinit", Fgnutls_deinit, Sgnutls_deinit, 1, 1, 0,
       doc: /* Deallocate GnuTLS resources associated with process PROC.
See also `gnutls-init'.  */)
  (Lisp_Object proc)
{
  gnutls_session_t state;

  CHECK_PROCESS (proc);
  state = XPROCESS (proc)->gnutls_state;

  if (GNUTLS_INITSTAGE (proc) >= GNUTLS_STAGE_INIT)
    {
      gnutls_deinit (state);
      GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_INIT - 1;
    }

  return Qt;
}

/* Initializes global GnuTLS state to defaults.
Call `gnutls-global-deinit' when GnuTLS usage is no longer needed.
Returns zero on success.  */
static Lisp_Object
gnutls_emacs_global_init (void)
{
  int ret = GNUTLS_E_SUCCESS;

  if (!global_initialized)
    ret = gnutls_global_init ();

  global_initialized = 1;

  return gnutls_make_error (ret);
}

/* Deinitializes global GnuTLS state.
See also `gnutls-global-init'.  */
static Lisp_Object
gnutls_emacs_global_deinit (void)
{
  if (global_initialized)
    gnutls_global_deinit ();

  global_initialized = 0;

  return gnutls_make_error (GNUTLS_E_SUCCESS);
}

static void
gnutls_log_function (int level, const char* string)
{
  message ("gnutls.c: [%d] %s", level, string);
}

static void
gnutls_log_function2 (int level, const char* string, const char* extra)
{
  message ("gnutls.c: [%d] %s %s", level, string, extra);
}

DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0,
       doc: /* Initialize GnuTLS client for process PROC with TYPE+PROPLIST.
Currently only client mode is supported.  Returns a success/failure
value you can check with `gnutls-errorp'.

TYPE is a symbol, either `gnutls-anon' or `gnutls-x509pki'.
PROPLIST is a property list with the following keys:

:priority is a GnuTLS priority string, defaults to "NORMAL".
:trustfiles is a list of PEM-encoded trust files for `gnutls-x509pki'.
:keyfiles is a list of PEM-encoded key files for `gnutls-x509pki'.
:callbacks is an alist of callback functions (TODO).
:loglevel is the debug level requested from GnuTLS, try 4.

The debug level will be set for this process AND globally for GnuTLS.
So if you set it higher or lower at any point, it affects global
debugging.

Note that the priority is set on the client.  The server does not use
the protocols's priority except for disabling protocols that were not
specified.

Processes must be initialized with this function before other GnuTLS
functions are used.  This function allocates resources which can only
be deallocated by calling `gnutls-deinit' or by calling it again.

Each authentication type may need additional information in order to
work.  For X.509 PKI (`gnutls-x509pki'), you probably need at least
one trustfile (usually a CA bundle).  */)
  (Lisp_Object proc, Lisp_Object type, Lisp_Object proplist)
{
  int ret = GNUTLS_E_SUCCESS;

  int max_log_level = 0;

  /* TODO: GNUTLS_X509_FMT_DER is also an option.  */
  int file_format = GNUTLS_X509_FMT_PEM;

  gnutls_session_t state;
  gnutls_certificate_credentials_t x509_cred;
  gnutls_anon_client_credentials_t anon_cred;
  Lisp_Object global_init;
  char* priority_string_ptr = "NORMAL"; /* default priority string.  */
  Lisp_Object tail;

  /* Placeholders for the property list elements.  */
  Lisp_Object priority_string;
  Lisp_Object trustfiles;
  Lisp_Object keyfiles;
  Lisp_Object callbacks;
  Lisp_Object loglevel;

  CHECK_PROCESS (proc);
  CHECK_SYMBOL (type);
  CHECK_LIST (proplist);

  priority_string = Fplist_get (proplist, Qgnutls_bootprop_priority);
  trustfiles      = Fplist_get (proplist, Qgnutls_bootprop_trustfiles);
  keyfiles        = Fplist_get (proplist, Qgnutls_bootprop_keyfiles);
  callbacks       = Fplist_get (proplist, Qgnutls_bootprop_callbacks);
  loglevel        = Fplist_get (proplist, Qgnutls_bootprop_loglevel);

  state = XPROCESS (proc)->gnutls_state;
  XPROCESS (proc)->gnutls_p = 1;

  if (NUMBERP (loglevel))
    {
      gnutls_global_set_log_function (gnutls_log_function);
      gnutls_global_set_log_level (XINT (loglevel));
      max_log_level = XINT (loglevel);
      XPROCESS (proc)->gnutls_log_level = max_log_level;
    }

  /* always initialize globals.  */
  global_init = gnutls_emacs_global_init ();
  if (! NILP (Fgnutls_errorp (global_init)))
    return global_init;

  /* deinit and free resources.  */
  if (GNUTLS_INITSTAGE (proc) >= GNUTLS_STAGE_CRED_ALLOC)
    {
      GNUTLS_LOG (1, max_log_level, "deallocating credentials");

      if (EQ (type, Qgnutls_x509pki))
	{
          GNUTLS_LOG (2, max_log_level, "deallocating x509 credentials");
          x509_cred = XPROCESS (proc)->gnutls_x509_cred;
          gnutls_certificate_free_credentials (x509_cred);
	}
      else if (EQ (type, Qgnutls_anon))
	{
          GNUTLS_LOG (2, max_log_level, "deallocating anon credentials");
          anon_cred = XPROCESS (proc)->gnutls_anon_cred;
          gnutls_anon_free_client_credentials (anon_cred);
	}
      else
	{
          error ("unknown credential type");
          ret = GNUTLS_EMACS_ERROR_INVALID_TYPE;
	}

      if (GNUTLS_INITSTAGE (proc) >= GNUTLS_STAGE_INIT)
	{
          GNUTLS_LOG (1, max_log_level, "deallocating x509 credentials");
          Fgnutls_deinit (proc);
	}
    }

  GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_EMPTY;

  GNUTLS_LOG (1, max_log_level, "allocating credentials");

  if (EQ (type, Qgnutls_x509pki))
    {
      GNUTLS_LOG (2, max_log_level, "allocating x509 credentials");
      x509_cred = XPROCESS (proc)->gnutls_x509_cred;
      if (gnutls_certificate_allocate_credentials (&x509_cred) < 0)
        memory_full ();
    }
  else if (EQ (type, Qgnutls_anon))
    {
      GNUTLS_LOG (2, max_log_level, "allocating anon credentials");
      anon_cred = XPROCESS (proc)->gnutls_anon_cred;
      if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0)
        memory_full ();
    }
  else
    {
      error ("unknown credential type");
      ret = GNUTLS_EMACS_ERROR_INVALID_TYPE;
    }

  if (ret < GNUTLS_E_SUCCESS)
    return gnutls_make_error (ret);

  GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_CRED_ALLOC;

  if (EQ (type, Qgnutls_x509pki))
    {
      for (tail = trustfiles; !NILP (tail); tail = Fcdr (tail))
	{
	  Lisp_Object trustfile = Fcar (tail);
          if (STRINGP (trustfile))
            {
              GNUTLS_LOG2 (1, max_log_level, "setting the trustfile: ",
                           SDATA (trustfile));
              ret = gnutls_certificate_set_x509_trust_file
                (x509_cred,
                 SDATA (trustfile),
                 file_format);

              if (ret < GNUTLS_E_SUCCESS)
                return gnutls_make_error (ret);
            }
          else
            {
              error ("Sorry, GnuTLS can't use non-string trustfile %s",
                     trustfile);
            }
        }

      for (tail = keyfiles; !NILP (tail); tail = Fcdr (tail))
	{
	  Lisp_Object keyfile = Fcar (tail);
          if (STRINGP (keyfile))
            {
              GNUTLS_LOG2 (1, max_log_level, "setting the keyfile: ",
                           SDATA (keyfile));
              ret = gnutls_certificate_set_x509_crl_file
                (x509_cred,
                 SDATA (keyfile),
                 file_format);

              if (ret < GNUTLS_E_SUCCESS)
                return gnutls_make_error (ret);
            }
          else
            {
              error ("Sorry, GnuTLS can't use non-string keyfile %s",
                     keyfile);
            }
        }
    }

  GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_FILES;

  GNUTLS_LOG (1, max_log_level, "gnutls_init");

  ret = gnutls_init (&state, GNUTLS_CLIENT);

  if (ret < GNUTLS_E_SUCCESS)
    return gnutls_make_error (ret);

  XPROCESS (proc)->gnutls_state = state;

  GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_INIT;

  if (STRINGP (priority_string))
    {
      priority_string_ptr = SSDATA (priority_string);
      GNUTLS_LOG2 (1, max_log_level, "got non-default priority string:",
                   priority_string_ptr);
    }
  else
    {
      GNUTLS_LOG2 (1, max_log_level, "using default priority string:",
                   priority_string_ptr);
    }

  GNUTLS_LOG (1, max_log_level, "setting the priority string");

  ret = gnutls_priority_set_direct (state,
				    priority_string_ptr,
				    NULL);

  if (ret < GNUTLS_E_SUCCESS)
    return gnutls_make_error (ret);

  GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_PRIORITY;

  if (EQ (type, Qgnutls_x509pki))
    {
      ret = gnutls_cred_set (state, GNUTLS_CRD_CERTIFICATE, x509_cred);
    }
  else if (EQ (type, Qgnutls_anon))
    {
      ret = gnutls_cred_set (state, GNUTLS_CRD_ANON, anon_cred);
    }
  else
    {
      error ("unknown credential type");
      ret = GNUTLS_EMACS_ERROR_INVALID_TYPE;
    }

  if (ret < GNUTLS_E_SUCCESS)
    return gnutls_make_error (ret);

  XPROCESS (proc)->gnutls_anon_cred = anon_cred;
  XPROCESS (proc)->gnutls_x509_cred = x509_cred;
  XPROCESS (proc)->gnutls_cred_type = type;

  GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_CRED_SET;

  emacs_gnutls_handshake (XPROCESS (proc));

  return gnutls_make_error (GNUTLS_E_SUCCESS);
}

DEFUN ("gnutls-bye", Fgnutls_bye,
       Sgnutls_bye, 2, 2, 0,
       doc: /* Terminate current GnuTLS connection for process PROC.
The connection should have been initiated using `gnutls-handshake'.

If CONT is not nil the TLS connection gets terminated and further
receives and sends will be disallowed.  If the return value is zero you
may continue using the connection.  If CONT is nil, GnuTLS actually
sends an alert containing a close request and waits for the peer to
reply with the same message.  In order to reuse the connection you
should wait for an EOF from the peer.

This function may also return `gnutls-e-again', or
`gnutls-e-interrupted'.  */)
    (Lisp_Object proc, Lisp_Object cont)
{
  gnutls_session_t state;
  int ret;

  CHECK_PROCESS (proc);

  state = XPROCESS (proc)->gnutls_state;

  ret = gnutls_bye (state,
                    NILP (cont) ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR);

  return gnutls_make_error (ret);
}

void
syms_of_gnutls (void)
{
  global_initialized = 0;

  Qgnutls_code = intern_c_string ("gnutls-code");
  staticpro (&Qgnutls_code);

  Qgnutls_anon = intern_c_string ("gnutls-anon");
  staticpro (&Qgnutls_anon);

  Qgnutls_x509pki = intern_c_string ("gnutls-x509pki");
  staticpro (&Qgnutls_x509pki);

  Qgnutls_bootprop_priority = intern_c_string (":priority");
  staticpro (&Qgnutls_bootprop_priority);

  Qgnutls_bootprop_trustfiles = intern_c_string (":trustfiles");
  staticpro (&Qgnutls_bootprop_trustfiles);

  Qgnutls_bootprop_keyfiles = intern_c_string (":keyfiles");
  staticpro (&Qgnutls_bootprop_keyfiles);

  Qgnutls_bootprop_callbacks = intern_c_string (":callbacks");
  staticpro (&Qgnutls_bootprop_callbacks);

  Qgnutls_bootprop_loglevel = intern_c_string (":loglevel");
  staticpro (&Qgnutls_bootprop_loglevel);

  Qgnutls_e_interrupted = intern_c_string ("gnutls-e-interrupted");
  staticpro (&Qgnutls_e_interrupted);
  Fput (Qgnutls_e_interrupted, Qgnutls_code,
        make_number (GNUTLS_E_INTERRUPTED));

  Qgnutls_e_again = intern_c_string ("gnutls-e-again");
  staticpro (&Qgnutls_e_again);
  Fput (Qgnutls_e_again, Qgnutls_code,
        make_number (GNUTLS_E_AGAIN));

  Qgnutls_e_invalid_session = intern_c_string ("gnutls-e-invalid-session");
  staticpro (&Qgnutls_e_invalid_session);
  Fput (Qgnutls_e_invalid_session, Qgnutls_code,
        make_number (GNUTLS_E_INVALID_SESSION));

  Qgnutls_e_not_ready_for_handshake =
    intern_c_string ("gnutls-e-not-ready-for-handshake");
  staticpro (&Qgnutls_e_not_ready_for_handshake);
  Fput (Qgnutls_e_not_ready_for_handshake, Qgnutls_code,
        make_number (GNUTLS_E_APPLICATION_ERROR_MIN));

  defsubr (&Sgnutls_get_initstage);
  defsubr (&Sgnutls_errorp);
  defsubr (&Sgnutls_error_fatalp);
  defsubr (&Sgnutls_error_string);
  defsubr (&Sgnutls_boot);
  defsubr (&Sgnutls_deinit);
  defsubr (&Sgnutls_bye);
}
#endif
Commit	Line	Data
8af55556	1	/* GnuTLS glue for GNU Emacs.
73b0cd50	2	Copyright (C) 2010-2011 Free Software Foundation, Inc.
8af55556 TZ	3
	4	This file is part of GNU Emacs.
	5
	6	GNU Emacs is free software: you can redistribute it and/or modify
	7	it under the terms of the GNU General Public License as published by
	8	the Free Software Foundation, either version 3 of the License, or
	9	(at your option) any later version.
	10
	11	GNU Emacs is distributed in the hope that it will be useful,
	12	but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	GNU General Public License for more details.
	15
	16	You should have received a copy of the GNU General Public License
	17	along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. */
	18
	19	#include <config.h>
	20	#include <errno.h>
	21	#include <setjmp.h>
	22
	23	#include "lisp.h"
	24	#include "process.h"
	25
	26	#ifdef HAVE_GNUTLS
	27	#include <gnutls/gnutls.h>
	28
	29	Lisp_Object Qgnutls_code;
	30	Lisp_Object Qgnutls_anon, Qgnutls_x509pki;
	31	Lisp_Object Qgnutls_e_interrupted, Qgnutls_e_again,
	32	Qgnutls_e_invalid_session, Qgnutls_e_not_ready_for_handshake;
	33	int global_initialized;
	34
c1ae068b LMI	35	/* The following are for the property list of `gnutls-boot'. */
	36	Lisp_Object Qgnutls_bootprop_priority;
	37	Lisp_Object Qgnutls_bootprop_trustfiles;
	38	Lisp_Object Qgnutls_bootprop_keyfiles;
	39	Lisp_Object Qgnutls_bootprop_callbacks;
	40	Lisp_Object Qgnutls_bootprop_loglevel;
	41
74f1829d	42	static void
bac5cef8 LMI	43	emacs_gnutls_handshake (struct Lisp_Process *proc)
	44	{
	45	gnutls_session_t state = proc->gnutls_state;
	46	int ret;
	47
	48	if (proc->gnutls_initstage < GNUTLS_STAGE_HANDSHAKE_CANDO)
	49	return;
	50
	51	if (proc->gnutls_initstage < GNUTLS_STAGE_TRANSPORT_POINTERS_SET)
e6059fa2	52	{
c1ae068b LMI	53	/* This is how GnuTLS takes sockets: as file descriptors passed
	54	in. For an Emacs process socket, infd and outfd are the
	55	same but we use this two-argument version for clarity. */
e6059fa2 LMI	56	gnutls_transport_set_ptr2 (state,
	57	(gnutls_transport_ptr_t) (long) proc->infd,
	58	(gnutls_transport_ptr_t) (long) proc->outfd);
bac5cef8	59
e6059fa2 LMI	60	proc->gnutls_initstage = GNUTLS_STAGE_TRANSPORT_POINTERS_SET;
e6059fa2 LMI	61	}
bac5cef8 LMI	62
	63	ret = gnutls_handshake (state);
	64	proc->gnutls_initstage = GNUTLS_STAGE_HANDSHAKE_TRIED;
	65
	66	if (ret == GNUTLS_E_SUCCESS)
e6059fa2 LMI	67	{
	68	/* here we're finally done. */
	69	proc->gnutls_initstage = GNUTLS_STAGE_READY;
	70	}
bac5cef8 LMI	71	}
bac5cef8 LMI	72
368f4090 JM	73	ssize_t
	74	emacs_gnutls_write (int fildes, struct Lisp_Process proc, const char buf,
	75	size_t nbyte)
8af55556	76	{
368f4090 JM	77	ssize_t rtnval;
368f4090 JM	78	size_t bytes_written;
df7fcaff LMI	79	gnutls_session_t state = proc->gnutls_state;
df7fcaff LMI	80
355cdaf3 LMI	81	if (proc->gnutls_initstage != GNUTLS_STAGE_READY) {
	82	#ifdef EWOULDBLOCK
	83	errno = EWOULDBLOCK;
	84	#endif
	85	#ifdef EAGAIN
	86	errno = EAGAIN;
	87	#endif
e6059fa2	88	return -1;
355cdaf3	89	}
8af55556 TZ	90
	91	bytes_written = 0;
	92
	93	while (nbyte > 0)
	94	{
	95	rtnval = gnutls_write (state, buf, nbyte);
	96
2e6c74c5	97	if (rtnval < 0)
8af55556	98	{
2e6c74c5	99	if (rtnval == GNUTLS_E_AGAIN \|\| rtnval == GNUTLS_E_INTERRUPTED)
8af55556 TZ	100	continue;
	101	else
	102	return (bytes_written ? bytes_written : -1);
	103	}
	104
	105	buf += rtnval;
	106	nbyte -= rtnval;
	107	bytes_written += rtnval;
	108	}
8af55556 TZ	109
	110	return (bytes_written);
	111	}
	112
368f4090	113	ssize_t
df7fcaff	114	emacs_gnutls_read (int fildes, struct Lisp_Process proc, char buf,
368f4090	115	size_t nbyte)
8af55556	116	{
368f4090	117	ssize_t rtnval;
df7fcaff LMI	118	gnutls_session_t state = proc->gnutls_state;
df7fcaff LMI	119
e6059fa2 LMI	120	if (proc->gnutls_initstage != GNUTLS_STAGE_READY)
	121	{
	122	emacs_gnutls_handshake (proc);
	123	return -1;
	124	}
8af55556	125
ec9f09be LMI	126	rtnval = gnutls_read (state, buf, nbyte);
	127	if (rtnval >= 0)
	128	return rtnval;
4b2d9ec2 LMI	129	else {
	130	if (rtnval == GNUTLS_E_AGAIN \|\|
	131	rtnval == GNUTLS_E_INTERRUPTED)
	132	return -1;
	133	else
	134	return 0;
	135	}
8af55556 TZ	136	}
	137
	138	/* convert an integer error to a Lisp_Object; it will be either a
	139	known symbol like `gnutls_e_interrupted' and `gnutls_e_again' or
	140	simply the integer value of the error. GNUTLS_E_SUCCESS is mapped
	141	to Qt. */
74f1829d JB	142	static Lisp_Object
74f1829d JB	143	gnutls_make_error (int error)
8af55556 TZ	144	{
8af55556 TZ	145	switch (error)
e6059fa2 LMI	146	{
	147	case GNUTLS_E_SUCCESS:
	148	return Qt;
	149	case GNUTLS_E_AGAIN:
	150	return Qgnutls_e_again;
	151	case GNUTLS_E_INTERRUPTED:
	152	return Qgnutls_e_interrupted;
	153	case GNUTLS_E_INVALID_SESSION:
	154	return Qgnutls_e_invalid_session;
	155	}
8af55556 TZ	156
	157	return make_number (error);
	158	}
	159
	160	DEFUN ("gnutls-get-initstage", Fgnutls_get_initstage, Sgnutls_get_initstage, 1, 1, 0,
74f1829d	161	doc: /* Return the GnuTLS init stage of process PROC.
8af55556	162	See also `gnutls-boot'. */)
74f1829d	163	(Lisp_Object proc)
8af55556 TZ	164	{
	165	CHECK_PROCESS (proc);
	166
	167	return make_number (GNUTLS_INITSTAGE (proc));
	168	}
	169
	170	DEFUN ("gnutls-errorp", Fgnutls_errorp, Sgnutls_errorp, 1, 1, 0,
74f1829d JB	171	doc: /* Return t if ERROR indicates a GnuTLS problem.
	172	ERROR is an integer or a symbol with an integer `gnutls-code' property.
	173	usage: (gnutls-errorp ERROR) */)
	174	(Lisp_Object err)
8af55556	175	{
74f1829d	176	if (EQ (err, Qt)) return Qnil;
8af55556 TZ	177
	178	return Qt;
	179	}
	180
	181	DEFUN ("gnutls-error-fatalp", Fgnutls_error_fatalp, Sgnutls_error_fatalp, 1, 1, 0,
74f1829d JB	182	doc: /* Check if ERROR is fatal.
	183	ERROR is an integer or a symbol with an integer `gnutls-code' property.
	184	usage: (gnutls-error-fatalp ERROR) */)
	185	(Lisp_Object err)
8af55556 TZ	186	{
	187	Lisp_Object code;
	188
	189	if (EQ (err, Qt)) return Qnil;
	190
	191	if (SYMBOLP (err))
8af55556	192	{
e6059fa2 LMI	193	code = Fget (err, Qgnutls_code);
	194	if (NUMBERP (code))
	195	{
	196	err = code;
	197	}
	198	else
	199	{
	200	error ("Symbol has no numeric gnutls-code property");
	201	}
8af55556	202	}
8af55556 TZ	203
	204	if (!NUMBERP (err))
	205	error ("Not an error symbol or code");
	206
	207	if (0 == gnutls_error_is_fatal (XINT (err)))
	208	return Qnil;
	209
	210	return Qt;
	211	}
	212
	213	DEFUN ("gnutls-error-string", Fgnutls_error_string, Sgnutls_error_string, 1, 1, 0,
74f1829d JB	214	doc: /* Return a description of ERROR.
	215	ERROR is an integer or a symbol with an integer `gnutls-code' property.
	216	usage: (gnutls-error-string ERROR) */)
	217	(Lisp_Object err)
8af55556 TZ	218	{
	219	Lisp_Object code;
	220
	221	if (EQ (err, Qt)) return build_string ("Not an error");
	222
	223	if (SYMBOLP (err))
8af55556	224	{
e6059fa2 LMI	225	code = Fget (err, Qgnutls_code);
	226	if (NUMBERP (code))
	227	{
	228	err = code;
	229	}
	230	else
	231	{
	232	return build_string ("Symbol has no numeric gnutls-code property");
	233	}
8af55556	234	}
8af55556 TZ	235
	236	if (!NUMBERP (err))
	237	return build_string ("Not an error symbol or code");
	238
	239	return build_string (gnutls_strerror (XINT (err)));
	240	}
	241
	242	DEFUN ("gnutls-deinit", Fgnutls_deinit, Sgnutls_deinit, 1, 1, 0,
e1b69165	243	doc: /* Deallocate GnuTLS resources associated with process PROC.
8af55556	244	See also `gnutls-init'. */)
74f1829d	245	(Lisp_Object proc)
8af55556 TZ	246	{
	247	gnutls_session_t state;
	248
	249	CHECK_PROCESS (proc);
	250	state = XPROCESS (proc)->gnutls_state;
	251
	252	if (GNUTLS_INITSTAGE (proc) >= GNUTLS_STAGE_INIT)
e6059fa2	253	{
8af55556 TZ	254	gnutls_deinit (state);
8af55556 TZ	255	GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_INIT - 1;
e6059fa2	256	}
8af55556 TZ	257
	258	return Qt;
	259	}
	260
e1b69165 JB	261	/* Initializes global GnuTLS state to defaults.
e1b69165 JB	262	Call `gnutls-global-deinit' when GnuTLS usage is no longer needed.
8af55556	263	Returns zero on success. */
74f1829d JB	264	static Lisp_Object
74f1829d JB	265	gnutls_emacs_global_init (void)
8af55556 TZ	266	{
	267	int ret = GNUTLS_E_SUCCESS;
	268
	269	if (!global_initialized)
	270	ret = gnutls_global_init ();
	271
	272	global_initialized = 1;
	273
	274	return gnutls_make_error (ret);
	275	}
	276
e1b69165	277	/* Deinitializes global GnuTLS state.
8af55556	278	See also `gnutls-global-init'. */
74f1829d JB	279	static Lisp_Object
74f1829d JB	280	gnutls_emacs_global_deinit (void)
8af55556 TZ	281	{
	282	if (global_initialized)
	283	gnutls_global_deinit ();
	284
	285	global_initialized = 0;
	286
	287	return gnutls_make_error (GNUTLS_E_SUCCESS);
	288	}
	289
74f1829d JB	290	static void
74f1829d JB	291	gnutls_log_function (int level, const char* string)
8ed70bf3	292	{
74f1829d	293	message ("gnutls.c: [%d] %s", level, string);
d2e9d0bb LMI	294	}
d2e9d0bb LMI	295
c1ae068b LMI	296	static void
	297	gnutls_log_function2 (int level, const char* string, const char* extra)
	298	{
	299	message ("gnutls.c: [%d] %s %s", level, string, extra);
	300	}
	301
	302	DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0,
	303	doc: /* Initialize GnuTLS client for process PROC with TYPE+PROPLIST.
8af55556 TZ	304	Currently only client mode is supported. Returns a success/failure
	305	value you can check with `gnutls-errorp'.
	306
c1ae068b LMI	307	TYPE is a symbol, either `gnutls-anon' or `gnutls-x509pki'.
	308	PROPLIST is a property list with the following keys:
	309
	310	:priority is a GnuTLS priority string, defaults to "NORMAL".
	311	:trustfiles is a list of PEM-encoded trust files for `gnutls-x509pki'.
	312	:keyfiles is a list of PEM-encoded key files for `gnutls-x509pki'.
	313	:callbacks is an alist of callback functions (TODO).
	314	:loglevel is the debug level requested from GnuTLS, try 4.
8ed70bf3	315
c1ae068b LMI	316	The debug level will be set for this process AND globally for GnuTLS.
	317	So if you set it higher or lower at any point, it affects global
	318	debugging.
8af55556 TZ	319
	320	Note that the priority is set on the client. The server does not use
	321	the protocols's priority except for disabling protocols that were not
	322	specified.
	323
74f1829d	324	Processes must be initialized with this function before other GnuTLS
8af55556 TZ	325	functions are used. This function allocates resources which can only
	326	be deallocated by calling `gnutls-deinit' or by calling it again.
	327
	328	Each authentication type may need additional information in order to
c1ae068b LMI	329	work. For X.509 PKI (`gnutls-x509pki'), you probably need at least
	330	one trustfile (usually a CA bundle). */)
	331	(Lisp_Object proc, Lisp_Object type, Lisp_Object proplist)
8af55556 TZ	332	{
	333	int ret = GNUTLS_E_SUCCESS;
	334
8ed70bf3 LMI	335	int max_log_level = 0;
8ed70bf3 LMI	336
8af55556 TZ	337	/* TODO: GNUTLS_X509_FMT_DER is also an option. */
	338	int file_format = GNUTLS_X509_FMT_PEM;
	339
	340	gnutls_session_t state;
	341	gnutls_certificate_credentials_t x509_cred;
	342	gnutls_anon_client_credentials_t anon_cred;
8af55556	343	Lisp_Object global_init;
c1ae068b LMI	344	char* priority_string_ptr = "NORMAL"; /* default priority string. */
	345	Lisp_Object tail;
	346
	347	/* Placeholders for the property list elements. */
	348	Lisp_Object priority_string;
	349	Lisp_Object trustfiles;
	350	Lisp_Object keyfiles;
	351	Lisp_Object callbacks;
	352	Lisp_Object loglevel;
8af55556 TZ	353
	354	CHECK_PROCESS (proc);
	355	CHECK_SYMBOL (type);
c1ae068b LMI	356	CHECK_LIST (proplist);
	357
	358	priority_string = Fplist_get (proplist, Qgnutls_bootprop_priority);
	359	trustfiles = Fplist_get (proplist, Qgnutls_bootprop_trustfiles);
	360	keyfiles = Fplist_get (proplist, Qgnutls_bootprop_keyfiles);
	361	callbacks = Fplist_get (proplist, Qgnutls_bootprop_callbacks);
	362	loglevel = Fplist_get (proplist, Qgnutls_bootprop_loglevel);
8af55556 TZ	363
8af55556 TZ	364	state = XPROCESS (proc)->gnutls_state;
df7fcaff	365	XPROCESS (proc)->gnutls_p = 1;
8af55556	366
8ed70bf3 LMI	367	if (NUMBERP (loglevel))
8ed70bf3 LMI	368	{
8ed70bf3 LMI	369	gnutls_global_set_log_function (gnutls_log_function);
	370	gnutls_global_set_log_level (XINT (loglevel));
	371	max_log_level = XINT (loglevel);
	372	XPROCESS (proc)->gnutls_log_level = max_log_level;
	373	}
df7fcaff	374
8af55556 TZ	375	/* always initialize globals. */
	376	global_init = gnutls_emacs_global_init ();
	377	if (! NILP (Fgnutls_errorp (global_init)))
	378	return global_init;
	379
	380	/* deinit and free resources. */
	381	if (GNUTLS_INITSTAGE (proc) >= GNUTLS_STAGE_CRED_ALLOC)
e6059fa2	382	{
8ed70bf3 LMI	383	GNUTLS_LOG (1, max_log_level, "deallocating credentials");
8ed70bf3 LMI	384
8af55556	385	if (EQ (type, Qgnutls_x509pki))
e6059fa2	386	{
8ed70bf3 LMI	387	GNUTLS_LOG (2, max_log_level, "deallocating x509 credentials");
8ed70bf3 LMI	388	x509_cred = XPROCESS (proc)->gnutls_x509_cred;
8af55556	389	gnutls_certificate_free_credentials (x509_cred);
e6059fa2	390	}
8af55556	391	else if (EQ (type, Qgnutls_anon))
e6059fa2	392	{
8ed70bf3 LMI	393	GNUTLS_LOG (2, max_log_level, "deallocating anon credentials");
8ed70bf3 LMI	394	anon_cred = XPROCESS (proc)->gnutls_anon_cred;
8af55556	395	gnutls_anon_free_client_credentials (anon_cred);
e6059fa2	396	}
8af55556	397	else
e6059fa2	398	{
8af55556 TZ	399	error ("unknown credential type");
8af55556 TZ	400	ret = GNUTLS_EMACS_ERROR_INVALID_TYPE;
e6059fa2	401	}
8af55556 TZ	402
8af55556 TZ	403	if (GNUTLS_INITSTAGE (proc) >= GNUTLS_STAGE_INIT)
e6059fa2	404	{
8ed70bf3	405	GNUTLS_LOG (1, max_log_level, "deallocating x509 credentials");
8af55556	406	Fgnutls_deinit (proc);
e6059fa2 LMI	407	}
e6059fa2 LMI	408	}
8af55556 TZ	409
	410	GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_EMPTY;
	411
8ed70bf3 LMI	412	GNUTLS_LOG (1, max_log_level, "allocating credentials");
8ed70bf3 LMI	413
8af55556	414	if (EQ (type, Qgnutls_x509pki))
e6059fa2	415	{
8ed70bf3 LMI	416	GNUTLS_LOG (2, max_log_level, "allocating x509 credentials");
8ed70bf3 LMI	417	x509_cred = XPROCESS (proc)->gnutls_x509_cred;
8af55556 TZ	418	if (gnutls_certificate_allocate_credentials (&x509_cred) < 0)
8af55556 TZ	419	memory_full ();
e6059fa2	420	}
8af55556	421	else if (EQ (type, Qgnutls_anon))
e6059fa2	422	{
8ed70bf3 LMI	423	GNUTLS_LOG (2, max_log_level, "allocating anon credentials");
8ed70bf3 LMI	424	anon_cred = XPROCESS (proc)->gnutls_anon_cred;
8af55556 TZ	425	if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0)
8af55556 TZ	426	memory_full ();
e6059fa2	427	}
8af55556	428	else
e6059fa2	429	{
8af55556 TZ	430	error ("unknown credential type");
8af55556 TZ	431	ret = GNUTLS_EMACS_ERROR_INVALID_TYPE;
e6059fa2	432	}
8af55556 TZ	433
8af55556 TZ	434	if (ret < GNUTLS_E_SUCCESS)
e6059fa2	435	return gnutls_make_error (ret);
8af55556 TZ	436
	437	GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_CRED_ALLOC;
	438
8af55556	439	if (EQ (type, Qgnutls_x509pki))
e6059fa2	440	{
c1ae068b	441	for (tail = trustfiles; !NILP (tail); tail = Fcdr (tail))
e6059fa2	442	{
c1ae068b LMI	443	Lisp_Object trustfile = Fcar (tail);
	444	if (STRINGP (trustfile))
	445	{
	446	GNUTLS_LOG2 (1, max_log_level, "setting the trustfile: ",
	447	SDATA (trustfile));
	448	ret = gnutls_certificate_set_x509_trust_file
	449	(x509_cred,
	450	SDATA (trustfile),
	451	file_format);
51b59d79	452
c1ae068b LMI	453	if (ret < GNUTLS_E_SUCCESS)
	454	return gnutls_make_error (ret);
	455	}
	456	else
	457	{
	458	error ("Sorry, GnuTLS can't use non-string trustfile %s",
	459	trustfile);
	460	}
	461	}
8af55556	462
c1ae068b	463	for (tail = keyfiles; !NILP (tail); tail = Fcdr (tail))
e6059fa2	464	{
c1ae068b LMI	465	Lisp_Object keyfile = Fcar (tail);
	466	if (STRINGP (keyfile))
	467	{
	468	GNUTLS_LOG2 (1, max_log_level, "setting the keyfile: ",
	469	SDATA (keyfile));
	470	ret = gnutls_certificate_set_x509_crl_file
	471	(x509_cred,
	472	SDATA (keyfile),
	473	file_format);
51b59d79	474
c1ae068b LMI	475	if (ret < GNUTLS_E_SUCCESS)
	476	return gnutls_make_error (ret);
	477	}
	478	else
	479	{
	480	error ("Sorry, GnuTLS can't use non-string keyfile %s",
	481	keyfile);
	482	}
	483	}
e6059fa2	484	}
8af55556 TZ	485
	486	GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_FILES;
	487
8ed70bf3 LMI	488	GNUTLS_LOG (1, max_log_level, "gnutls_init");
8ed70bf3 LMI	489
8af55556 TZ	490	ret = gnutls_init (&state, GNUTLS_CLIENT);
	491
	492	if (ret < GNUTLS_E_SUCCESS)
e6059fa2	493	return gnutls_make_error (ret);
8af55556 TZ	494
	495	XPROCESS (proc)->gnutls_state = state;
	496
	497	GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_INIT;
	498
c1ae068b LMI	499	if (STRINGP (priority_string))
c1ae068b LMI	500	{
51b59d79	501	priority_string_ptr = SSDATA (priority_string);
c1ae068b LMI	502	GNUTLS_LOG2 (1, max_log_level, "got non-default priority string:",
	503	priority_string_ptr);
	504	}
	505	else
	506	{
	507	GNUTLS_LOG2 (1, max_log_level, "using default priority string:",
	508	priority_string_ptr);
	509	}
51b59d79	510
8ed70bf3 LMI	511	GNUTLS_LOG (1, max_log_level, "setting the priority string");
8ed70bf3 LMI	512
74f1829d	513	ret = gnutls_priority_set_direct (state,
c1ae068b	514	priority_string_ptr,
74f1829d	515	NULL);
8af55556 TZ	516
8af55556 TZ	517	if (ret < GNUTLS_E_SUCCESS)
e6059fa2	518	return gnutls_make_error (ret);
8af55556 TZ	519
	520	GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_PRIORITY;
	521
8af55556	522	if (EQ (type, Qgnutls_x509pki))
e6059fa2	523	{
8af55556	524	ret = gnutls_cred_set (state, GNUTLS_CRD_CERTIFICATE, x509_cred);
e6059fa2	525	}
8af55556	526	else if (EQ (type, Qgnutls_anon))
e6059fa2	527	{
8af55556	528	ret = gnutls_cred_set (state, GNUTLS_CRD_ANON, anon_cred);
e6059fa2	529	}
8af55556	530	else
e6059fa2	531	{
8af55556 TZ	532	error ("unknown credential type");
8af55556 TZ	533	ret = GNUTLS_EMACS_ERROR_INVALID_TYPE;
e6059fa2	534	}
8af55556 TZ	535
8af55556 TZ	536	if (ret < GNUTLS_E_SUCCESS)
e6059fa2	537	return gnutls_make_error (ret);
8af55556	538
8ed70bf3 LMI	539	XPROCESS (proc)->gnutls_anon_cred = anon_cred;
8ed70bf3 LMI	540	XPROCESS (proc)->gnutls_x509_cred = x509_cred;
8af55556 TZ	541	XPROCESS (proc)->gnutls_cred_type = type;
	542
	543	GNUTLS_INITSTAGE (proc) = GNUTLS_STAGE_CRED_SET;
	544
bac5cef8 LMI	545	emacs_gnutls_handshake (XPROCESS (proc));
bac5cef8 LMI	546
8af55556 TZ	547	return gnutls_make_error (GNUTLS_E_SUCCESS);
	548	}
	549
	550	DEFUN ("gnutls-bye", Fgnutls_bye,
	551	Sgnutls_bye, 2, 2, 0,
74f1829d	552	doc: /* Terminate current GnuTLS connection for process PROC.
8af55556 TZ	553	The connection should have been initiated using `gnutls-handshake'.
	554
	555	If CONT is not nil the TLS connection gets terminated and further
74f1829d	556	receives and sends will be disallowed. If the return value is zero you
8af55556 TZ	557	may continue using the connection. If CONT is nil, GnuTLS actually
	558	sends an alert containing a close request and waits for the peer to
	559	reply with the same message. In order to reuse the connection you
	560	should wait for an EOF from the peer.
	561
	562	This function may also return `gnutls-e-again', or
	563	`gnutls-e-interrupted'. */)
	564	(Lisp_Object proc, Lisp_Object cont)
	565	{
	566	gnutls_session_t state;
	567	int ret;
	568
	569	CHECK_PROCESS (proc);
	570
	571	state = XPROCESS (proc)->gnutls_state;
	572
	573	ret = gnutls_bye (state,
	574	NILP (cont) ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR);
	575
	576	return gnutls_make_error (ret);
	577	}
	578
8af55556 TZ	579	void
	580	syms_of_gnutls (void)
	581	{
	582	global_initialized = 0;
	583
	584	Qgnutls_code = intern_c_string ("gnutls-code");
	585	staticpro (&Qgnutls_code);
	586
	587	Qgnutls_anon = intern_c_string ("gnutls-anon");
	588	staticpro (&Qgnutls_anon);
	589
	590	Qgnutls_x509pki = intern_c_string ("gnutls-x509pki");
	591	staticpro (&Qgnutls_x509pki);
	592
b845653d	593	Qgnutls_bootprop_priority = intern_c_string (":priority");
c1ae068b LMI	594	staticpro (&Qgnutls_bootprop_priority);
c1ae068b LMI	595
b845653d	596	Qgnutls_bootprop_trustfiles = intern_c_string (":trustfiles");
c1ae068b LMI	597	staticpro (&Qgnutls_bootprop_trustfiles);
c1ae068b LMI	598
b845653d	599	Qgnutls_bootprop_keyfiles = intern_c_string (":keyfiles");
c1ae068b LMI	600	staticpro (&Qgnutls_bootprop_keyfiles);
c1ae068b LMI	601
b845653d	602	Qgnutls_bootprop_callbacks = intern_c_string (":callbacks");
c1ae068b LMI	603	staticpro (&Qgnutls_bootprop_callbacks);
c1ae068b LMI	604
b845653d	605	Qgnutls_bootprop_loglevel = intern_c_string (":loglevel");
c1ae068b LMI	606	staticpro (&Qgnutls_bootprop_loglevel);
c1ae068b LMI	607
8af55556 TZ	608	Qgnutls_e_interrupted = intern_c_string ("gnutls-e-interrupted");
	609	staticpro (&Qgnutls_e_interrupted);
	610	Fput (Qgnutls_e_interrupted, Qgnutls_code,
	611	make_number (GNUTLS_E_INTERRUPTED));
	612
	613	Qgnutls_e_again = intern_c_string ("gnutls-e-again");
	614	staticpro (&Qgnutls_e_again);
	615	Fput (Qgnutls_e_again, Qgnutls_code,
	616	make_number (GNUTLS_E_AGAIN));
	617
	618	Qgnutls_e_invalid_session = intern_c_string ("gnutls-e-invalid-session");
	619	staticpro (&Qgnutls_e_invalid_session);
	620	Fput (Qgnutls_e_invalid_session, Qgnutls_code,
	621	make_number (GNUTLS_E_INVALID_SESSION));
	622
	623	Qgnutls_e_not_ready_for_handshake =
	624	intern_c_string ("gnutls-e-not-ready-for-handshake");
	625	staticpro (&Qgnutls_e_not_ready_for_handshake);
	626	Fput (Qgnutls_e_not_ready_for_handshake, Qgnutls_code,
	627	make_number (GNUTLS_E_APPLICATION_ERROR_MIN));
	628
	629	defsubr (&Sgnutls_get_initstage);
	630	defsubr (&Sgnutls_errorp);
	631	defsubr (&Sgnutls_error_fatalp);
	632	defsubr (&Sgnutls_error_string);
	633	defsubr (&Sgnutls_boot);
	634	defsubr (&Sgnutls_deinit);
8af55556 TZ	635	defsubr (&Sgnutls_bye);
	636	}
	637	#endif