Further TLS async work

* gnutls.c (boot_error): New function to either signal an error or return an error code. (Fgnutls_boot): Don't signal errors when running asynchronously. * process.h (pset_status): Move here from process.c to be able to use from gnutls.c. * process.c (connect_network_socket): Do the TLS boot here when running asynchronously. (wait_reading_process_output): Rework the dns_processes handling for more safety.
author: Lars Ingebrigtsen <larsi@gnus.org> 2016-02-01 00:27:07 +0100
committer: Lars Ingebrigtsen <larsi@gnus.org> 2016-02-01 00:27:07 +0100
commit: 4ff81f8fac1270a829bb2725911bf6b614711257 (patch)
tree: 5c3a640b436037a3d2f6a4e8bb569c01cc9a3599 /src/gnutls.c
parent: 9972329387b7f1e1a9b1c8713a1d5bbdd032de12 (diff)
download: emacs-4ff81f8fac1270a829bb2725911bf6b614711257.tar.gz
1 files changed, 42 insertions, 12 deletions
diff --git a/src/gnutls.c b/src/gnutls.c
index 06459fb3ccd..a0b6e0df68b 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -1167,6 +1167,19 @@ emacs_gnutls_global_deinit (void)
 }
 #endif
 
+/* VARARGS 1 */
+static void
+boot_error (struct Lisp_Process *p, const char *m, ...)
+{
+  va_list ap;
+  va_start (ap, m);
+  if (p->is_non_blocking_client)
+    pset_status (p, Qfailed);
+  else
+    verror (m, ap);
+}
+
+
 DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0,
        doc: /* Initialize GnuTLS client for process PROC with TYPE+PROPLIST.
 Currently only client mode is supported.  Return a success/failure
@@ -1246,16 +1259,23 @@ one trustfile (usually a CA bundle).  */)
   Lisp_Object verify_error;
   Lisp_Object prime_bits;
   Lisp_Object warnings;
+  struct Lisp_Process *p = XPROCESS (proc);
 
   CHECK_PROCESS (proc);
   CHECK_SYMBOL (type);
   CHECK_LIST (proplist);
 
   if (NILP (Fgnutls_available_p ()))
-    error ("GnuTLS not available");
+    {
+      boot_error (p, "GnuTLS not available");
+      return Qnil;
+    }
 
   if (!EQ (type, Qgnutls_x509pki) && !EQ (type, Qgnutls_anon))
-    error ("Invalid GnuTLS credential type");
+    {
+      boot_error (p, "Invalid GnuTLS credential type");
+      return Qnil;
+    }
 
   hostname              = Fplist_get (proplist, QCgnutls_bootprop_hostname);
   priority_string       = Fplist_get (proplist, QCgnutls_bootprop_priority);
@@ -1272,11 +1292,15 @@ one trustfile (usually a CA bundle).  */)
     }
   else if (NILP (Flistp (verify_error)))
     {
-      error ("gnutls-boot: invalid :verify_error parameter (not a list)");
+      boot_error (p, "gnutls-boot: invalid :verify_error parameter (not a list)");
+      return Qnil;
     }
 
   if (!STRINGP (hostname))
-    error ("gnutls-boot: invalid :hostname parameter (not a string)");
+    {
+      boot_error (p, "gnutls-boot: invalid :hostname parameter (not a string)");
+      return Qnil;
+    }
   c_hostname = SSDATA (hostname);
 
   state = XPROCESS (proc)->gnutls_state;
@@ -1384,7 +1408,8 @@ one trustfile (usually a CA bundle).  */)
 	  else
 	    {
 	      emacs_gnutls_deinit (proc);
-	      error ("Invalid trustfile");
+	      boot_error (p, "Invalid trustfile");
+	      return Qnil;
 	    }
 	}
 
@@ -1408,7 +1433,8 @@ one trustfile (usually a CA bundle).  */)
 	  else
 	    {
 	      emacs_gnutls_deinit (proc);
-	      error ("Invalid CRL file");
+	      boot_error (p, "Invalid CRL file");
+	      return Qnil;
 	    }
 	}
 
@@ -1437,8 +1463,9 @@ one trustfile (usually a CA bundle).  */)
 	  else
 	    {
 	      emacs_gnutls_deinit (proc);
-	      error (STRINGP (keyfile) ? "Invalid client cert file"
-		     : "Invalid client key file");
+	      boot_error (p, STRINGP (keyfile) ? "Invalid client cert file"
+			  : "Invalid client key file");
+	      return Qnil;
 	    }
 	}
     }
@@ -1528,8 +1555,9 @@ one trustfile (usually a CA bundle).  */)
           || !NILP (Fmember (QCgnutls_bootprop_trustfiles, verify_error)))
         {
 	  emacs_gnutls_deinit (proc);
-	  error ("Certificate validation failed %s, verification code %x",
-		 c_hostname, peer_verification);
+	  boot_error (p, "Certificate validation failed %s, verification code %x",
+		      c_hostname, peer_verification);
+	  return Qnil;
         }
       else
 	{
@@ -1558,7 +1586,8 @@ one trustfile (usually a CA bundle).  */)
 	{
 	  gnutls_x509_crt_deinit (gnutls_verify_cert);
 	  emacs_gnutls_deinit (proc);
-	  error ("No x509 certificate was found\n");
+	  boot_error (p, "No x509 certificate was found\n");
+	  return Qnil;
 	}
 
       /* We only check the first certificate in the given chain.  */
@@ -1586,7 +1615,8 @@ one trustfile (usually a CA bundle).  */)
             {
 	      gnutls_x509_crt_deinit (gnutls_verify_cert);
 	      emacs_gnutls_deinit (proc);
-	      error ("The x509 certificate does not match \"%s\"", c_hostname);
+	      boot_error (p, "The x509 certificate does not match \"%s\"", c_hostname);
+	      return Qnil;
             }
 	  else
 	    {
author	Lars Ingebrigtsen <larsi@gnus.org>	2016-02-01 00:27:07 +0100
committer	Lars Ingebrigtsen <larsi@gnus.org>	2016-02-01 00:27:07 +0100
commit	4ff81f8fac1270a829bb2725911bf6b614711257 (patch)
tree	5c3a640b436037a3d2f6a4e8bb569c01cc9a3599 /src/gnutls.c
parent	9972329387b7f1e1a9b1c8713a1d5bbdd032de12 (diff)
download	emacs-4ff81f8fac1270a829bb2725911bf6b614711257.tar.gz