-(defun elpher-get-selector (address renderer &optional force-ipv4)
- "Retrieve selector specified by ADDRESS, then render it using RENDERER.
-If FORCE-IPV4 is non-nil, explicitly look up and use IPv4 address corresponding
-to ADDRESS."
- (when (equal (elpher-address-protocol address) "gophers")
- (if (gnutls-available-p)
- (when (not elpher-use-tls)
- (setq elpher-use-tls t)
- (message "Engaging TLS gopher mode."))
- (error "Cannot retrieve TLS gopher selector: GnuTLS not available")))
- (unless (< (elpher-address-port address) 65536)
- (error "Cannot retrieve gopher selector: port number > 65536"))
- (defvar gnutls-verify-error)
- (condition-case nil
- (let* ((kill-buffer-query-functions nil)
- (gnutls-verify-error nil) ; We use the NSM for verification
- (port (elpher-address-port address))
- (host (elpher-address-host address))
- (selector-string-parts nil)
- (bytes-received 0)
- (hkbytes-received 0)
- (proc (open-network-stream "elpher-process"
- nil
- (if (or elpher-ipv4-always force-ipv4)
- (dns-query host)
- host)
- (if (> port 0) port 70)
- :type (if elpher-use-tls 'tls 'plain)
- :nowait t))
- (timer (run-at-time elpher-connection-timeout
- nil
- (lambda ()
- (pcase (process-status proc)
- ('failed
- (if (and (not (equal (elpher-address-protocol address)
- "gophers"))
- elpher-use-tls
- (or elpher-auto-disengage-TLS
- (yes-or-no-p "Could not establish encrypted connection. Disable TLS mode?")))
- (progn
- (message "Disabling TLS mode.")
- (setq elpher-use-tls nil)
- (elpher-get-selector address renderer))
- (elpher-network-error address "Could not establish encrypted connection")))
- ('connect
- (elpher-process-cleanup)
- (unless (or elpher-ipv4-always force-ipv4)
- (message "Connection timed out. Retrying with IPv4 address.")
- (elpher-get-selector address renderer t))))))))
- (setq elpher-network-timer timer)
- (set-process-coding-system proc 'binary)
- (set-process-filter proc
- (lambda (_proc string)
- (when timer
- (cancel-timer timer)
- (setq timer nil))
- (setq bytes-received (+ bytes-received (length string)))
- (let ((new-hkbytes-received (/ bytes-received 102400)))
- (when (> new-hkbytes-received hkbytes-received)
- (setq hkbytes-received new-hkbytes-received)
- (with-current-buffer "*elpher*"
- (let ((inhibit-read-only t))
- (goto-char (point-min))
- (beginning-of-line 2)
- (delete-region (point) (point-max))
- (insert "("
- (number-to-string (/ hkbytes-received 10.0))
- " MB read)")))))
- (setq selector-string-parts
- (cons string selector-string-parts))))
- (set-process-sentinel proc
- (lambda (_proc event)
- (condition-case the-error
- (cond
- ((string-prefix-p "deleted" event))
- ((string-prefix-p "open" event)
- (let ((inhibit-eol-conversion t))
- (process-send-string
- proc
- (concat (elpher-gopher-address-selector address)
- "\r\n"))))
- (t
- (when timer
- (cancel-timer timer)
- (setq timer nil))
- (funcall renderer (apply #'concat
- (reverse selector-string-parts)))
- (elpher-restore-pos)))
- (error
- (elpher-network-error address the-error))))))
- (error
- (error "Error initiating connection to server"))))
+If TEMPORARY is non-nil, the certificate will be given an exporation
+period of one day, and the key and certificate files will be deleted
+when the certificate is no longer needed for the current session.
+
+Otherwise, the certificate will be given a 100 year expiration period
+and the files will not be deleted.
+
+The function returns a list containing the current host name, the
+temporary flag, and the key and cert file names in the form required
+by `gnutls-boot-parameters`."
+ (let ((exp-key-file (expand-file-name key-file))
+ (exp-cert-file (expand-file-name cert-file)))
+ (condition-case nil
+ (progn
+ (call-process elpher-openssl-command nil nil nil
+ "req" "-x509" "-newkey" "rsa:2048"
+ "-days" (if temporary "1" "36500")
+ "-nodes"
+ "-subj" (concat "/CN=" common-name)
+ "-keyout" exp-key-file
+ "-out" exp-cert-file)
+ (list (elpher-address-host (elpher-page-address elpher-current-page))
+ temporary exp-key-file exp-cert-file))
+ (error
+ (message "Check that openssl is installed, or customize `elpher-openssl-command`.")
+ (error "Program 'openssl', required for certificate generation, not found")))))
+
+(defun elpher-generate-throwaway-certificate ()
+ "Generate and return details of a throwaway certificate.
+The key and certificate files will be deleted when they are no
+longer needed for this session."
+ (let* ((file-base (make-temp-name "elpher"))
+ (key-file (concat temporary-file-directory file-base ".key"))
+ (cert-file (concat temporary-file-directory file-base ".crt")))
+ (elpher-generate-certificate file-base key-file cert-file t)))
+
+(defun elpher-generate-persistent-certificate (file-base common-name)
+ "Generate and return details of a persistent certificate.
+The argument FILE-BASE is used as the base for the key and certificate
+files, while COMMON-NAME specifies the common name field of the
+certificate.
+
+The key and certificate files are written to in `elpher-certificate-directory'."
+ (let* ((key-file (concat elpher-certificate-directory file-base ".key"))
+ (cert-file (concat elpher-certificate-directory file-base ".crt")))
+ (elpher-generate-certificate common-name key-file cert-file)))
+
+(defun elpher-get-existing-certificate (file-base)
+ "Return a certificate object corresponding to an existing certificate.
+It is assumed that the key files FILE-BASE.key and FILE-BASE.crt exist in
+the directory `elpher-certificate-directory'."
+ (let* ((key-file (concat elpher-certificate-directory file-base ".key"))
+ (cert-file (concat elpher-certificate-directory file-base ".crt")))
+ (list (elpher-address-host (elpher-page-address elpher-current-page))
+ nil
+ (expand-file-name key-file)
+ (expand-file-name cert-file))))
+
+(defun elpher-install-and-use-existing-certificate (key-file-src cert-file-src file-base)
+ "Install a key+certificate file pair in `elpher-certificate-directory'.
+The strings KEY-FILE-SRC and CERT-FILE-SRC are the existing key and
+certificate files to install. The argument FILE-BASE is used as the
+base for the installed key and certificate files."
+ (let* ((key-file (concat elpher-certificate-directory file-base ".key"))
+ (cert-file (concat elpher-certificate-directory file-base ".crt")))
+ (if (or (file-exists-p key-file)
+ (file-exists-p cert-file))
+ (error "A certificate with base name %s is already installed" file-base))
+ (copy-file key-file-src key-file)
+ (copy-file cert-file-src cert-file)
+ (list (elpher-address-host (elpher-page-address elpher-current-page))
+ nil
+ (expand-file-name key-file)
+ (expand-file-name cert-file))))
+
+(defun elpher-list-existing-certificates ()
+ "Return a list of the persistent certificates in `elpher-certificate-directory'."
+ (unless (file-directory-p elpher-certificate-directory)
+ (make-directory elpher-certificate-directory))
+ (mapcar
+ (lambda (file)
+ (file-name-sans-extension file))
+ (directory-files elpher-certificate-directory nil "\\.key$")))
+
+(defun elpher-forget-current-certificate ()
+ "Causes any current certificate to be forgotten.)
+In the case of throwaway certificates, the key and certificate files
+are also deleted."
+ (interactive)
+ (when elpher-client-certificate
+ (unless (and (called-interactively-p 'any)
+ (not (y-or-n-p (concat "Really forget client certificate? "
+ "(Throwaway certificates will be deleted.)"))))
+ (when (cadr elpher-client-certificate)
+ (delete-file (elt elpher-client-certificate 2))
+ (delete-file (elt elpher-client-certificate 3)))
+ (setq elpher-client-certificate nil)
+ (if (called-interactively-p 'any)
+ (message "Client certificate forgotten.")))))
+
+(defun elpher-get-current-keylist (address)
+ "Retrieve the `gnutls-boot-parameters'-compatable keylist.
+
+This is obtained from the client certificate described by
+`elpher-current-certificate', if one is available and the host for
+that certificate matches the host in ADDRESS.
+
+If `elpher-current-certificate' is non-nil, and its host name doesn't
+match that of ADDRESS, the certificate is forgotten."
+ (if elpher-client-certificate
+ (if (string= (car elpher-client-certificate)
+ (elpher-address-host address))
+ (list (cddr elpher-client-certificate))
+ (elpher-forget-current-certificate)
+ (message "Disabling client certificate for new host")
+ nil)
+ nil))
+
+
+;;; Gopher selector retrieval
+;;
+
+(defun elpher-get-gopher-response (address renderer)
+ "Get response string from gopher server at ADDRESS and render using RENDERER."
+ (elpher-get-host-response address 70
+ (concat (elpher-gopher-address-selector address) "\r\n")
+ renderer
+ (or (string= (elpher-address-protocol address) "gophers")
+ elpher-use-tls)))
The Lambda Lab / projects / elpher.git / blobdiff