mirror of
git://git.sv.gnu.org/emacs.git
synced 2025-12-23 06:00:41 -08:00
739e3dbe05
* lisp/allout.el (allout-abbreviate-flattened-numbering) (allout-mode-deactivate-hook): * lisp/ansi-color.el (ansi-color-unfontify-region): * lisp/auth-source.el (auth-source-hide-passwords) (auth-source-user-or-password) (auth-source-forget-user-or-password): * lisp/cedet/data-debug.el (data-debug-map): * lisp/cedet/semantic/grammar.el (semantic-grammar-syntax-table) (semantic-grammar-map): * lisp/chistory.el (command-history-map): * lisp/comint.el (comint-dynamic-complete) (comint-dynamic-complete-as-filename) (comint-dynamic-simple-complete): * lisp/dired-x.el (read-filename-at-point) (dired-x-submit-report): * lisp/dos-fns.el (register-name-alist, make-register) (register-value, set-register-value, intdos, mode25, mode4350): * lisp/emacs-lisp/bytecomp.el (byte-compile-disable-print-circle): * lisp/emacs-lisp/chart.el (chart-map): * lisp/emacs-lisp/package.el (package-menu-view-commentary): * lisp/emacs-lock.el (toggle-emacs-lock, emacs-lock-from-exiting): * lisp/erc/erc.el (erc-complete-word): * lisp/eshell/em-cmpl.el (eshell-cmpl-suffix-list): * lisp/eshell/esh-util.el (eshell-for): * lisp/files.el (inhibit-first-line-modes-regexps) (inhibit-first-line-modes-suffixes): * lisp/gnus/gnus-msg.el (gnus-outgoing-message-group) (gnus-debug-files, gnus-debug-exclude-variables): * lisp/gnus/gnus-registry.el (gnus-registry-user-format-function-M): * lisp/gnus/gnus.el (gnus-local-domain, gnus-carpal): * lisp/gnus/nnimap.el (nnimap-split-rule): * lisp/iimage.el (turn-on-iimage-mode): * lisp/image.el (image-extension-data, image-library-alist): * lisp/mail/emacsbug.el (report-emacs-bug-pretest-address): * lisp/mail/mail-utils.el (rmail-dont-reply-to): * lisp/mail/mailalias.el (mail-complete-function) (mail-completion-at-point-function): * lisp/mail/rmail.el (rmail-dont-reply-to-names) (rmail-default-dont-reply-to-names): * lisp/mail/sendmail.el (mail-mailer-swallows-blank-line) (mail-sent-via): * lisp/menu-bar.el (menu-bar-kill-ring-save): * lisp/minibuffer.el (completion-annotate-function) (minibuffer-local-filename-must-match-map): * lisp/msb.el (msb-after-load-hooks): * lisp/obsolete/eieio-compat.el (eieio-defmethod) (eieio-defgeneric): * lisp/obsolete/info-edit.el (Info-edit-map): * lisp/obsolete/starttls.el (starttls-any-program-available): * lisp/progmodes/cfengine.el (cfengine-mode-abbrevs): * lisp/progmodes/cwarn.el (turn-on-cwarn-mode): * lisp/progmodes/make-mode.el (makefile-complete): * lisp/progmodes/meta-mode.el (meta-complete-symbol) (meta-mode-map): * lisp/progmodes/pascal.el (pascal-toggle-completions) (pascal-last-completions, pascal-show-completions): * lisp/progmodes/prolog.el (prolog-char-quote-workaround): * lisp/progmodes/which-func.el (which-func-mode): [FUNCTION] * lisp/simple.el (count-lines-region, minibuffer-completing-symbol): * lisp/speedbar.el (speedbar-syntax-table, speedbar-key-map): * lisp/strokes.el (strokes-report-bug): * lisp/subr.el (condition-case-no-debug): * lisp/term/ns-win.el (ns-alternatives-map) (ns-store-cut-buffer-internal): * lisp/term/w32-win.el (w32-default-color-map): * lisp/term/x-win.el (x-cut-buffer-or-selection-value): * lisp/textmodes/bibtex.el (bibtex-complete) (bibtex-entry-field-alist): * lisp/textmodes/reftex-index.el (reftex-index-map) (reftex-index-phrases-map): * lisp/textmodes/reftex-sel.el (reftex-select-label-map) (reftex-select-bib-map): * lisp/textmodes/reftex-toc.el (reftex-toc-map): * lisp/textmodes/rst.el (rst-block-face, rst-external-face) (rst-definition-face, rst-directive-face, rst-comment-face) (rst-emphasis1-face, rst-emphasis2-face, rst-literal-face) (rst-reference-face): * lisp/vc/vc-hooks.el (vc-toggle-read-only): * lisp/view.el (view-return-to-alist) (view-return-to-alist-update): Remove many functions and variables obsolete since 24.1. * lisp/textmodes/bibtex.el (bibtex-entry-alist): Don't use above removed variable 'bibtex-entry-field-alist'. * lisp/cedet/data-debug.el (data-debug-edebug-expr) (data-debug-eval-expression): * lisp/emacs-lisp/trace.el (trace--read-args): * lisp/files-x.el (read-file-local-variable-value): * lisp/simple.el (read--expression): Don't use above removed variable 'minibuffer-completing-symbol'. * lisp/textmodes/rst.el (rst-font-lock-keywords): Don't use above removed variables. * src/w32fns.c (Fw32_default_color_map): Delete obsolete function. (syms_of_w32fns): Delete defsubr for above defun. * src/keyboard.c (syms_of_keyboard) <Vdeferred_action_list> <Vdeferred_action_function>: Delete DEFVARs. <Qdeferred_action_function>: Delete DEFSYM. (syms_of_keyboard_for_pdumper): Adjust for above change. (command_loop_1): Don't run deferred-action-function hook. * lisp/subr.el (deferred-action-list, deferred-action-function): Delete obsoletion statements. * lisp/emacs-lisp/ert-x.el (ert-simulate-command): Don't run 'deferred-action-list' hook. * doc/lispref/hooks.texi (Standard Hooks): Delete 'deferred-action-function'. * lisp/emacs-lisp/lisp.el (field-complete): * lisp/eshell/em-cmpl.el (eshell-cmpl-initialize): * lisp/gnus/gnus-msg.el (gnus-inews-insert-gcc): * lisp/gnus/nnmail.el (nnmail-fancy-expiry-target): * lisp/mail/mail-utils.el (mail-dont-reply-to): * lisp/mail/sendmail.el (sendmail-send-it): * lisp/mail/smtpmail.el (smtpmail-send-it): * lisp/minibuffer.el (minibuffer-completion-help): * lisp/progmodes/python.el: Don't use above removed items. * lisp/emacs-lisp/eieio-core.el: * lisp/mail/mailalias.el (mail-complete-alist): Doc fixes; don't refer to above removed items. ; * etc/NEWS: List removed items.
292 lines
11 KiB
EmacsLisp
292 lines
11 KiB
EmacsLisp
;;; starttls.el --- STARTTLS functions -*- lexical-binding: t; -*-
|
|
|
|
;; Copyright (C) 1999-2022 Free Software Foundation, Inc.
|
|
|
|
;; Author: Daiki Ueno <ueno@unixuser.org>
|
|
;; Author: Simon Josefsson <simon@josefsson.org>
|
|
;; Created: 1999/11/20
|
|
;; Keywords: TLS, SSL, OpenSSL, GnuTLS, mail, news
|
|
;; Obsolete-since: 27.1
|
|
|
|
;; This file is part of GNU Emacs.
|
|
|
|
;; GNU Emacs is free software: you can redistribute it and/or modify
|
|
;; it under the terms of the GNU General Public License as published by
|
|
;; the Free Software Foundation, either version 3 of the License, or
|
|
;; (at your option) any later version.
|
|
|
|
;; GNU Emacs is distributed in the hope that it will be useful,
|
|
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
;; GNU General Public License for more details.
|
|
|
|
;; You should have received a copy of the GNU General Public License
|
|
;; along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
;;; Commentary:
|
|
|
|
;; This module defines some utility functions for STARTTLS profiles.
|
|
|
|
;; [RFC 2595] "Using TLS with IMAP, POP3 and ACAP"
|
|
;; by Chris Newman <chris.newman@innosoft.com> (1999/06)
|
|
|
|
;; This file now contains a combination of the two previous
|
|
;; implementations both called "starttls.el". The first one is Daiki
|
|
;; Ueno's starttls.el which uses his own "starttls" command line tool,
|
|
;; and the second one is Simon Josefsson's starttls.el which uses
|
|
;; "gnutls-cli" from GnuTLS.
|
|
;;
|
|
;; If "starttls" is available, it is preferred by the code over
|
|
;; "gnutls-cli", for backwards compatibility. Use
|
|
;; `starttls-use-gnutls' to toggle between implementations if you have
|
|
;; both tools installed. It is recommended to use GnuTLS, though, as
|
|
;; it performs more verification of the certificates.
|
|
|
|
;; The GnuTLS support requires GnuTLS 0.9.90 (released 2003-10-08) or
|
|
;; later, from <https://www.gnu.org/software/gnutls/>, or "starttls"
|
|
;; from <ftp://ftp.opaopa.org/pub/elisp/>.
|
|
|
|
;; Usage is similar to `open-network-stream'. For example:
|
|
;;
|
|
;; (when (setq tmp (starttls-open-stream
|
|
;; "test" (current-buffer) "yxa.extundo.com" 25))
|
|
;; (accept-process-output tmp 15)
|
|
;; (process-send-string tmp "STARTTLS\n")
|
|
;; (accept-process-output tmp 15)
|
|
;; (message "STARTTLS output:\n%s" (starttls-negotiate tmp))
|
|
;; (process-send-string tmp "EHLO foo\n"))
|
|
|
|
;; An example run yields the following output:
|
|
;;
|
|
;; 220 yxa.extundo.com ESMTP Sendmail 8.12.11/8.12.11/Debian-3; Wed, 26 May 2004 19:12:29 +0200; (No UCE/UBE) logging access from: c494102a.s-bi.bostream.se(OK)-c494102a.s-bi.bostream.se [217.215.27.65]
|
|
;; 220 2.0.0 Ready to start TLS
|
|
;; 250-yxa.extundo.com Hello c494102a.s-bi.bostream.se [217.215.27.65], pleased to meet you
|
|
;; 250-ENHANCEDSTATUSCODES
|
|
;; 250-PIPELINING
|
|
;; 250-EXPN
|
|
;; 250-VERB
|
|
;; 250-8BITMIME
|
|
;; 250-SIZE
|
|
;; 250-DSN
|
|
;; 250-ETRN
|
|
;; 250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
|
|
;; 250-DELIVERBY
|
|
;; 250 HELP
|
|
;; nil
|
|
;;
|
|
;; With the message buffer containing:
|
|
;;
|
|
;; STARTTLS output:
|
|
;; *** Starting TLS handshake
|
|
;; - Server's trusted authorities:
|
|
;; [0]: C=SE,ST=Stockholm,L=Stockholm,O=YXA,OU=CA,CN=yxa.extundo.com,EMAIL=staff@yxa.extundo.com
|
|
;; - Certificate type: X.509
|
|
;; - Got a certificate list of 2 certificates.
|
|
;;
|
|
;; - Certificate[0] info:
|
|
;; # The hostname in the certificate matches 'yxa.extundo.com'.
|
|
;; # valid since: Wed May 26 12:16:00 CEST 2004
|
|
;; # expires at: Wed Jul 26 12:16:00 CEST 2023
|
|
;; # serial number: 04
|
|
;; # fingerprint: 7c 04 4b c1 fa 26 9b 5d 90 22 52 3c 65 3d 85 3a
|
|
;; # version: #1
|
|
;; # public key algorithm: RSA
|
|
;; # Modulus: 1024 bits
|
|
;; # Subject's DN: C=SE,ST=Stockholm,L=Stockholm,O=YXA,OU=Mail server,CN=yxa.extundo.com,EMAIL=staff@yxa.extundo.com
|
|
;; # Issuer's DN: C=SE,ST=Stockholm,L=Stockholm,O=YXA,OU=CA,CN=yxa.extundo.com,EMAIL=staff@yxa.extundo.com
|
|
;;
|
|
;; - Certificate[1] info:
|
|
;; # valid since: Sun May 23 11:35:00 CEST 2004
|
|
;; # expires at: Sun Jul 23 11:35:00 CEST 2023
|
|
;; # serial number: 00
|
|
;; # fingerprint: fc 76 d8 63 1a c9 0b 3b fa 40 fe ed 47 7a 58 ae
|
|
;; # version: #3
|
|
;; # public key algorithm: RSA
|
|
;; # Modulus: 1024 bits
|
|
;; # Subject's DN: C=SE,ST=Stockholm,L=Stockholm,O=YXA,OU=CA,CN=yxa.extundo.com,EMAIL=staff@yxa.extundo.com
|
|
;; # Issuer's DN: C=SE,ST=Stockholm,L=Stockholm,O=YXA,OU=CA,CN=yxa.extundo.com,EMAIL=staff@yxa.extundo.com
|
|
;;
|
|
;; - Peer's certificate issuer is unknown
|
|
;; - Peer's certificate is NOT trusted
|
|
;; - Version: TLS 1.0
|
|
;; - Key Exchange: RSA
|
|
;; - Cipher: ARCFOUR 128
|
|
;; - MAC: SHA
|
|
;; - Compression: NULL
|
|
|
|
;;; Code:
|
|
|
|
(defgroup starttls nil
|
|
"Support for `Transport Layer Security' protocol."
|
|
:version "21.1"
|
|
:group 'mail)
|
|
|
|
(defcustom starttls-gnutls-program "gnutls-cli"
|
|
"Name of GnuTLS command line tool.
|
|
This program is used when GnuTLS is used, i.e. when
|
|
`starttls-use-gnutls' is non-nil."
|
|
:version "22.1"
|
|
:type 'string)
|
|
|
|
(defcustom starttls-program "starttls"
|
|
"The program to run in a subprocess to open an TLSv1 connection.
|
|
This program is used when the `starttls' command is used,
|
|
i.e. when `starttls-use-gnutls' is nil."
|
|
:type 'string)
|
|
|
|
(defcustom starttls-use-gnutls (not (executable-find starttls-program))
|
|
"Whether to use GnuTLS instead of the `starttls' command."
|
|
:version "22.1"
|
|
:type 'boolean)
|
|
|
|
(defcustom starttls-extra-args nil
|
|
"Extra arguments to `starttls-program'.
|
|
These apply when the `starttls' command is used, i.e. when
|
|
`starttls-use-gnutls' is nil."
|
|
:type '(repeat string))
|
|
|
|
(defcustom starttls-extra-arguments nil
|
|
"Extra arguments to `starttls-gnutls-program'.
|
|
These apply when GnuTLS is used, i.e. when `starttls-use-gnutls' is non-nil.
|
|
|
|
For example, non-TLS compliant servers may require
|
|
\(\"--protocols\" \"ssl3\"). Invoke \"gnutls-cli --help\" to
|
|
find out which parameters are available."
|
|
:version "22.1"
|
|
:type '(repeat string))
|
|
|
|
(defcustom starttls-process-connection-type nil
|
|
"Value for `process-connection-type' to use when starting STARTTLS process."
|
|
:version "22.1"
|
|
:type 'boolean)
|
|
|
|
(defcustom starttls-connect "- Simple Client Mode:\n\n"
|
|
"Regular expression indicating successful connection.
|
|
The default is what GnuTLS's \"gnutls-cli\" outputs."
|
|
;; GnuTLS cli.c:main() prints this string when it is starting to run
|
|
;; in the application read/write phase. If the logic, or the string
|
|
;; itself, is modified, this must be updated.
|
|
:version "22.1"
|
|
:type 'regexp)
|
|
|
|
(defcustom starttls-failure "\\*\\*\\* Handshake has failed"
|
|
"Regular expression indicating failed TLS handshake.
|
|
The default is what GnuTLS's \"gnutls-cli\" outputs."
|
|
;; GnuTLS cli.c:do_handshake() prints this string on failure. If the
|
|
;; logic, or the string itself, is modified, this must be updated.
|
|
:version "22.1"
|
|
:type 'regexp)
|
|
|
|
(defcustom starttls-success "- Compression: "
|
|
"Regular expression indicating completed TLS handshakes.
|
|
The default is what GnuTLS's \"gnutls-cli\" outputs."
|
|
;; GnuTLS cli.c:do_handshake() calls, on success,
|
|
;; common.c:print_info(), that unconditionally print this string
|
|
;; last. If that logic, or the string itself, is modified, this
|
|
;; must be updated.
|
|
:version "22.1"
|
|
:type 'regexp)
|
|
|
|
(defun starttls-negotiate-gnutls (process)
|
|
"Negotiate TLS on PROCESS opened by `open-starttls-stream'.
|
|
This should typically only be done once. It typically returns a
|
|
multi-line informational message with information about the
|
|
handshake, or nil on failure."
|
|
(let (buffer info old-max done-ok done-bad)
|
|
(if (null (setq buffer (process-buffer process)))
|
|
;; XXX How to remove/extract the TLS negotiation junk?
|
|
(signal-process (process-id process) 'SIGALRM)
|
|
(with-current-buffer buffer
|
|
(save-excursion
|
|
(setq old-max (goto-char (point-max)))
|
|
(signal-process (process-id process) 'SIGALRM)
|
|
(while (and (processp process)
|
|
(eq (process-status process) 'run)
|
|
(save-excursion
|
|
(goto-char old-max)
|
|
(not (or (setq done-ok (re-search-forward
|
|
starttls-success nil t))
|
|
(setq done-bad (re-search-forward
|
|
starttls-failure nil t))))))
|
|
(accept-process-output process 1.1)
|
|
(sit-for 0.1))
|
|
(setq info (buffer-substring-no-properties old-max (point-max)))
|
|
(delete-region old-max (point-max))
|
|
(if (or (and done-ok (not done-bad))
|
|
;; Prevent mitm that fake success msg after failure msg.
|
|
(and done-ok done-bad (< done-ok done-bad)))
|
|
info
|
|
(message "STARTTLS negotiation failed: %s" info)
|
|
nil))))))
|
|
|
|
(defun starttls-negotiate (process)
|
|
(if starttls-use-gnutls
|
|
(starttls-negotiate-gnutls process)
|
|
(signal-process (process-id process) 'SIGALRM)))
|
|
|
|
(defun starttls-open-stream-gnutls (name buffer host port)
|
|
(message "Opening STARTTLS connection to `%s:%s'..." host port)
|
|
(let* (done
|
|
(old-max (with-current-buffer buffer (point-max)))
|
|
(process-connection-type starttls-process-connection-type)
|
|
(process (apply #'start-process name buffer
|
|
starttls-gnutls-program "-s" host
|
|
"-p" (if (integerp port)
|
|
(int-to-string port)
|
|
port)
|
|
starttls-extra-arguments)))
|
|
(set-process-query-on-exit-flag process nil)
|
|
(while (and (processp process)
|
|
(eq (process-status process) 'run)
|
|
(with-current-buffer buffer
|
|
(goto-char old-max)
|
|
(not (setq done (re-search-forward
|
|
starttls-connect nil t)))))
|
|
(accept-process-output process 0.1)
|
|
(sit-for 0.1))
|
|
(if done
|
|
(with-current-buffer buffer
|
|
(delete-region old-max done))
|
|
(delete-process process)
|
|
(setq process nil))
|
|
(message "Opening STARTTLS connection to `%s:%s'...%s"
|
|
host port (if done "done" "failed"))
|
|
process))
|
|
|
|
;;;###autoload
|
|
(defun starttls-open-stream (name buffer host port)
|
|
"Open a TLS connection for a port to a host.
|
|
Returns a subprocess object to represent the connection.
|
|
Input and output work as for subprocesses; `delete-process' closes it.
|
|
Args are NAME BUFFER HOST PORT.
|
|
NAME is name for process. It is modified if necessary to make it unique.
|
|
BUFFER is the buffer (or `buffer-name') to associate with the process.
|
|
Process output goes at end of that buffer, unless you specify
|
|
a filter function to handle the output.
|
|
BUFFER may be also nil, meaning that this process is not associated
|
|
with any buffer
|
|
Third arg is name of the host to connect to, or its IP address.
|
|
Fourth arg PORT is an integer specifying a port to connect to.
|
|
If `starttls-use-gnutls' is nil, this may also be a service name, but
|
|
GnuTLS requires a port number."
|
|
(if starttls-use-gnutls
|
|
(starttls-open-stream-gnutls name buffer host port)
|
|
(message "Opening STARTTLS connection to `%s:%s'" host (format "%s" port))
|
|
(let* ((process-connection-type starttls-process-connection-type)
|
|
(process (apply #'start-process
|
|
name buffer starttls-program
|
|
host (format "%s" port)
|
|
starttls-extra-args)))
|
|
(set-process-query-on-exit-flag process nil)
|
|
process)))
|
|
|
|
(defun starttls-available-p ()
|
|
"Say whether the STARTTLS programs are available."
|
|
(and (not (memq system-type '(windows-nt ms-dos)))
|
|
(executable-find (if starttls-use-gnutls
|
|
starttls-gnutls-program
|
|
starttls-program))))
|
|
|
|
(provide 'starttls)
|
|
|
|
;;; starttls.el ends here
|