# endif
# if GNUTLS_VERSION_NUMBER >= 0x030200
+# define HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2
# define HAVE_GNUTLS_CIPHER_GET_IV_SIZE
# endif
DEF_DLL_FN (int, gnutls_certificate_set_x509_key_file,
(gnutls_certificate_credentials_t, const char *, const char *,
gnutls_x509_crt_fmt_t));
+# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2
+DEF_DLL_FN (int, gnutls_certificate_set_x509_key_file2,
+ (gnutls_certificate_credentials_t, const char *, const char *,
+ gnutls_x509_crt_fmt_t, const char *, unsigned int));
+# endif
# ifdef HAVE_GNUTLS_X509_SYSTEM_TRUST
DEF_DLL_FN (int, gnutls_certificate_set_x509_system_trust,
(gnutls_certificate_credentials_t));
LOAD_DLL_FN (library, gnutls_certificate_set_verify_flags);
LOAD_DLL_FN (library, gnutls_certificate_set_x509_crl_file);
LOAD_DLL_FN (library, gnutls_certificate_set_x509_key_file);
+# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2
+ LOAD_DLL_FN (library, gnutls_certificate_set_x509_key_file2);
+# endif
# ifdef HAVE_GNUTLS_X509_SYSTEM_TRUST
LOAD_DLL_FN (library, gnutls_certificate_set_x509_system_trust);
# endif
# define gnutls_certificate_set_verify_flags fn_gnutls_certificate_set_verify_flags
# define gnutls_certificate_set_x509_crl_file fn_gnutls_certificate_set_x509_crl_file
# define gnutls_certificate_set_x509_key_file fn_gnutls_certificate_set_x509_key_file
+# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2
+# define gnutls_certificate_set_x509_key_file2 fn_gnutls_certificate_set_x509_key_file2
+# endif
# define gnutls_certificate_set_x509_system_trust fn_gnutls_certificate_set_x509_system_trust
# define gnutls_certificate_set_x509_trust_file fn_gnutls_certificate_set_x509_trust_file
# define gnutls_certificate_type_get fn_gnutls_certificate_type_get
return gnutls_make_error (ret);
}
+#ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2
+
+/* Helper function for gnutls-boot.
+
+ The key :flags receives a list of symbols, each of which
+ corresponds to a GnuTLS C flag, the ORed result is to be passed to
+ the function gnutls_certificate_set_x509_key_file2() as its last
+ argument.
+*/
+static unsigned int
+key_file2_aux (Lisp_Object flags)
+{
+ unsigned int rv = 0;
+ Lisp_Object tail = flags;
+ FOR_EACH_TAIL_SAFE (tail)
+ {
+ Lisp_Object flag = XCAR (tail);
+ if (EQ (flag, Qgnutls_pkcs_plain))
+ rv |= GNUTLS_PKCS_PLAIN;
+ else if (EQ (flag, Qgnutls_pkcs_pkcs12_3des))
+ rv |= GNUTLS_PKCS_PKCS12_3DES;
+ else if (EQ (flag, Qgnutls_pkcs_pkcs12_arcfour))
+ rv |= GNUTLS_PKCS_PKCS12_ARCFOUR;
+ else if (EQ (flag, Qgnutls_pkcs_pkcs12_rc2_40))
+ rv |= GNUTLS_PKCS_PKCS12_RC2_40;
+ else if (EQ (flag, Qgnutls_pkcs_pbes2_3des))
+ rv |= GNUTLS_PKCS_PBES2_3DES;
+ else if (EQ (flag, Qgnutls_pkcs_pbes2_aes_128))
+ rv |= GNUTLS_PKCS_PBES2_AES_128;
+ else if (EQ (flag, Qgnutls_pkcs_pbes2_aes_192))
+ rv |= GNUTLS_PKCS_PBES2_AES_192;
+ else if (EQ (flag, Qgnutls_pkcs_pbes2_aes_256))
+ rv |= GNUTLS_PKCS_PBES2_AES_256;
+ else if (EQ (flag, Qgnutls_pkcs_null_password))
+ rv |= GNUTLS_PKCS_NULL_PASSWORD;
+ else if (EQ (flag, Qgnutls_pkcs_pbes2_des))
+ rv |= GNUTLS_PKCS_PBES2_DES;
+ else if (EQ (flag, Qgnutls_pkcs_pbes1_des_md5))
+ rv |= GNUTLS_PKCS_PBES1_DES_MD5;
+ else if (EQ (flag, Qgnutls_pkcs_pbes2_gost_tc26z))
+ rv |= GNUTLS_PKCS_PBES2_GOST_TC26Z;
+ else if (EQ (flag, Qgnutls_pkcs_pbes2_gost_cpa))
+ rv |= GNUTLS_PKCS_PBES2_GOST_CPA;
+ else if (EQ (flag, Qgnutls_pkcs_pbes2_gost_cpb))
+ rv |= GNUTLS_PKCS_PBES2_GOST_CPB;
+ else if (EQ (flag, Qgnutls_pkcs_pbes2_gost_cpc))
+ rv |= GNUTLS_PKCS_PBES2_GOST_CPC;
+ else if (EQ (flag, Qgnutls_pkcs_pbes2_gost_cpd))
+ rv |= GNUTLS_PKCS_PBES2_GOST_CPD;
+ }
+ return rv;
+}
+
+#endif /* HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 */
+
DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0,
doc: /* Initialize GnuTLS client for process PROC with TYPE+PROPLIST.
Currently only client mode is supported. Return a success/failure
:complete-negotiation, if non-nil, will make negotiation complete
before returning even on non-blocking sockets.
+:pass, the password of the private key as per GnuTLS'
+gnutls_certificate_set_x509_key_file2. Specify as nil to have a NULL
+password.
+
+:flags, a list of symbols relating to :pass, each specifying a flag:
+GNUTLS_PKCS_PLAIN, GNUTLS_PKCS_PKCS12_3DES,
+GNUTLS_PKCS_PKCS12_ARCFOUR, GNUTLS_PKCS_PKCS12_RC2_40,
+GNUTLS_PKCS_PBES2_3DES, GNUTLS_PKCS_PBES2_AES_128,
+GNUTLS_PKCS_PBES2_AES_192, GNUTLS_PKCS_PBES2_AES_256,
+GNUTLS_PKCS_NULL_PASSWORD, GNUTLS_PKCS_PBES2_DES,
+GNUTLS_PKCS_PBES2_DES_MD5, GNUTLS_PKCS_PBES2_GOST_TC26Z,
+GNUTLS_PKCS_PBES2_GOST_CPA, GNUTLS_PKCS_PBES2_GOST_CPB,
+GNUTLS_PKCS_PBES2_GOST_CPC, GNUTLS_PKCS_PBES2_GOST_CPD. If not
+specified, or if nil, the bitflag with value 0 is used.
+
The debug level will be set for this process AND globally for GnuTLS.
So if you set it higher or lower at any point, it affects global
debugging.
functions are used. This function allocates resources which can only
be deallocated by calling `gnutls-deinit' or by calling it again.
+The :pass and :flags keys are ignored with old versions of GnuTLS, and
+:flags is ignored if :pass is not specified.
+
The callbacks alist can have a `verify' key, associated with a
verification function (UNUSED).
Lisp_Object global_init;
char const *priority_string_ptr = "NORMAL"; /* default priority string. */
char *c_hostname;
+ const char *c_pass;
/* Placeholders for the property list elements. */
Lisp_Object priority_string;
Lisp_Object trustfiles;
Lisp_Object crlfiles;
Lisp_Object keylist;
+ Lisp_Object pass;
+ Lisp_Object flags;
/* Lisp_Object callbacks; */
Lisp_Object loglevel;
Lisp_Object hostname;
crlfiles = plist_get (proplist, QCcrlfiles);
loglevel = plist_get (proplist, QCloglevel);
prime_bits = plist_get (proplist, QCmin_prime_bits);
+ pass = plist_get (proplist, QCpass);
+ flags = plist_get (proplist, QCflags);
+
+ if (STRINGP (pass))
+ c_pass = SSDATA (pass);
+ else
+ c_pass = NULL;
if (!STRINGP (hostname))
{
# ifdef WINDOWSNT
keyfile = ansi_encode_filename (keyfile);
certfile = ansi_encode_filename (certfile);
+# endif
+# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2
+ if (plist_member (proplist, QCpass))
+ ret = gnutls_certificate_set_x509_key_file2
+ (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format,
+ c_pass, key_file2_aux (flags));
+ else
# endif
ret = gnutls_certificate_set_x509_key_file
(x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format);
DEFSYM (QCmin_prime_bits, ":min-prime-bits");
DEFSYM (QCloglevel, ":loglevel");
DEFSYM (QCcomplete_negotiation, ":complete-negotiation");
+ DEFSYM (QCpass, ":pass");
+ DEFSYM (QCflags, ":flags");
DEFSYM (QCverify_flags, ":verify-flags");
DEFSYM (QCverify_error, ":verify-error");
+ DEFSYM (Qgnutls_pkcs_plain, "GNUTLS_PKCS_PLAIN");
+ DEFSYM (Qgnutls_pkcs_pkcs12_3des, "GNUTLS_PKCS_PKCS12_3DES");
+ DEFSYM (Qgnutls_pkcs_pkcs12_arcfour, "GNUTLS_PKCS_PKCS12_ARCFOUR");
+ DEFSYM (Qgnutls_pkcs_pkcs12_rc2_40, "GNUTLS_PKCS_PKCS12_RC2_40");
+ DEFSYM (Qgnutls_pkcs_pbes2_3des, "GNUTLS_PKCS_PBES2_3DES");
+ DEFSYM (Qgnutls_pkcs_pbes2_aes_128, "GNUTLS_PKCS_PBES2_AES_128");
+ DEFSYM (Qgnutls_pkcs_pbes2_aes_192, "GNUTLS_PKCS_PBES2_AES_192");
+ DEFSYM (Qgnutls_pkcs_pbes2_aes_256, "GNUTLS_PKCS_PBES2_AES_256");
+ DEFSYM (Qgnutls_pkcs_null_password, "GNUTLS_PKCS_NULL_PASSWORD");
+ DEFSYM (Qgnutls_pkcs_pbes2_des, "GNUTLS_PKCS_PBES2_DES");
+ DEFSYM (Qgnutls_pkcs_pbes1_des_md5, "GNUTLS_PKCS_PBES1_DES_MD5");
+ DEFSYM (Qgnutls_pkcs_pbes2_gost_tc26z, "GNUTLS_PKCS_PBES2_GOST_TC26Z");
+ DEFSYM (Qgnutls_pkcs_pbes2_gost_cpa, "GNUTLS_PKCS_PBES2_GOST_CPA");
+ DEFSYM (Qgnutls_pkcs_pbes2_gost_cpb, "GNUTLS_PKCS_PBES2_GOST_CPB");
+ DEFSYM (Qgnutls_pkcs_pbes2_gost_cpc, "GNUTLS_PKCS_PBES2_GOST_CPC");
+ DEFSYM (Qgnutls_pkcs_pbes2_gost_cpd, "GNUTLS_PKCS_PBES2_GOST_CPD");
DEFSYM (QCcipher_id, ":cipher-id");
DEFSYM (QCcipher_aead_capable, ":cipher-aead-capable");
projects / emacs.git / commitdiff