Emacs core TLS support
Ted Zlatanov
tzz at lifelogs.com
Sat Sep 11 16:59:59 CEST 2010
Nearly ready. Since the last patch we have:
- full initialization and handshake (no memory issues, etc.)
- everything happens in gnutls-boot, including global initialization;
  all the parameters are either x509 or anon
- use of gnutls_initstage in the process to mark progress of
  initialization and whether the process is done initializing and
  handshaking
- no SRP anywhere, just anon and x509 (I'll add SRP if we need it and
  when the other two are working)
Now I get GNUTLS_E_INSUFFICIENT_CREDENTIALS when I open an x509
connection to an IMAP TLS server, so I think there's still work to do.
The trust file seems to be wrong (see lisp/net/gnutls.el, I tried both
"/etc/ssl/certs/ca-certificates.crt" and "/etc/ssl/certs/ca.pem").

The GnuTLS examples don't seem to cover the standard situation of
talking to a web server over SSL and possibly accepting an insecure
connection if the server credentials are bad. I must have missed
something. Could the GnuTLS developers look at my patch and help me
out?
Thanks
Ted