\f
* Changes in Oort Gnus
+** TLS wrapper shipped with Gnus
+
+TLS/SSL is now supported in IMAP and NNTP via tls.el and GNUTLS. The
+old TLS/SSL support via (external third party) ssl.el and OpenSSL
+still works.
+
** New make.bat for compiling and installing Gnus under MS Windows
Use make.bat if you want to install Gnus under MS Windows, the first
+2003-03-23 Simon Josefsson <jas@extundo.com>
+
+ * rfc2047.el (rfc2047-header-encoding-alist): Make Followup-To
+ same as Newsgroups.
+
+ * nntp.el (nntp-open-connection-function): Mention
+ nntp-open-tls-stream.
+ (nntp-open-tls-stream): New function.
+
+ * tls.el: New file.
+
+ * nnimap.el (nnimap-server-port, nnimap-stream): Say TLS/SSL
+ instead of SSL.
+ (nnimap-stream): Add other streams, link to imap variables.
+ (nnimap-authenticator): Add other authenticator, link to imap
+ variables.
+
+ * imap.el: Autoload open-tls-stream.
+ (imap-streams): Add tls in front of ssl.
+ (imap-stream-alist): Add tls.
+ (imap-default-tls-port): New variable.
+ (imap-tls-p, imap-tls-open): New functions.
+
2003-03-22 ShengHuo ZHU <zsh@cs.rochester.edu>
* mm-url.el (mm-url-insert-file-contents): parse url only if
(autoload 'utf7-decode "utf7")
(autoload 'format-spec "format-spec")
(autoload 'format-spec-make "format-spec")
+ (autoload 'open-tls-stream "tls")
;; Avoid use gnus-point-at-eol so we're independent of Gnus. These
;; days we have point-at-eol anyhow.
(if (fboundp 'point-at-eol)
(defvar imap-fetch-data-hook nil
"Hooks called after receiving each FETCH response.")
-(defvar imap-streams '(gssapi kerberos4 starttls ssl network shell)
+(defvar imap-streams '(gssapi kerberos4 starttls tls ssl network shell)
"Priority of streams to consider when opening connection to server.")
(defvar imap-stream-alist
'((gssapi imap-gssapi-stream-p imap-gssapi-open)
(kerberos4 imap-kerberos4-stream-p imap-kerberos4-open)
+ (tls imap-tls-p imap-tls-open)
(ssl imap-ssl-p imap-ssl-open)
(network imap-network-p imap-network-open)
(shell imap-shell-p imap-shell-open)
(defconst imap-default-port 143)
(defconst imap-default-ssl-port 993)
+(defconst imap-default-tls-port 993)
(defconst imap-default-stream 'network)
(defconst imap-local-variables '(imap-server
imap-port
(message "imap: Opening SSL connection with `%s'...failed" cmd)
nil)))
+(defun imap-tls-p (buffer)
+ nil)
+
+(defun imap-tls-open (name buffer server port)
+ (let* ((port (or port imap-default-tls-port))
+ (coding-system-for-read imap-coding-system-for-read)
+ (coding-system-for-write imap-coding-system-for-write)
+ (process (open-tls-stream name buffer server port)))
+ (when process
+ (while (and (memq (process-status process) '(open run))
+ (set-buffer buffer) ;; XXX "blue moon" nntp.el bug
+ (goto-char (point-max))
+ (forward-line -1)
+ (not (imap-parse-greeting)))
+ (accept-process-output process 1)
+ (sit-for 1))
+ (and imap-log
+ (with-current-buffer (get-buffer-create imap-log-buffer)
+ (imap-disable-multibyte)
+ (buffer-disable-undo)
+ (goto-char (point-max))
+ (insert-buffer-substring buffer)))
+ (when (memq (process-status process) '(open run))
+ process))))
+
(defun imap-network-p (buffer)
t)
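Review bot: The greeting wait loop in `imap-tls-open` has no upper bound: while gnutls-cli stays in `open`/`run` and `imap-parse-greeting` keeps returning nil, it repeats `accept-process-output` and `sit-for` indefinitely, so a peer that completes the handshake and then sends nothing stalls the session until the user interrupts. Consider a bounded retry, e.g. bind `(tries 30)` in the `let*` and add `(> (setq tries (1- tries)) 0)` as the first clause of the `and` (the count is only an illustration). Both new functions lack docstrings; for `imap-tls-p` I would add `"Return nil: TLS on a dedicated port cannot be probed, so the `tls' stream must be selected explicitly."`, since the unconditional nil means the new position of `tls` ahead of `ssl` in `imap-streams` has no effect on auto-detection.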
(defvoo nnimap-server-port nil
"Port number on physical IMAP server.
-If nil, defaults to 993 for SSL connections and 143 otherwise.")
+If nil, defaults to 993 for TLS/SSL connections and 143 otherwise.")
;; Splitting variables
Change this if
-1) you want to connect with SSL. The SSL integration with IMAP is
- brain-dead so you'll have to tell it specifically.
+1) you want to connect with TLS/SSL. The TLS/SSL integration
+ with IMAP is suboptimal so you'll have to tell it
+ specifically.
2) your server is more capable than your environment -- i.e. your
server accept Kerberos login's but you haven't installed the
`imtest' program or your machine isn't configured for Kerberos.
-Possible choices: kerberos4, ssl, network")
+Possible choices: gssapi, kerberos4, starttls, tls, ssl, network, shell.
+See also `imap-streams' and `imap-stream-alist'.")
(defvoo nnimap-authenticator nil
"How nnimap authenticate itself to the server.
installed the `imtest' program or your machine isn't configured for
Kerberos.
-Possible choices: kerberos4, cram-md5, login, anonymous.")
+Possible choices: gssapi, kerberos4, digest-md5, cram-md5, login, anonymous.
+See also `imap-authenticators' and `imap-authenticator-alist'")
(defvoo nnimap-directory (nnheader-concat gnus-directory "overview/")
"Directory to keep NOV cache files for nnimap groups.
Direct connections:
- `nntp-open-network-stream' (the default),
- `nntp-open-ssl-stream',
+- `nntp-open-tls-stream',
- `nntp-open-telnet-stream'.
Indirect connections:
(process-kill-without-query proc)
(save-excursion
(set-buffer buffer)
- (nntp-wait-for-string "^\r*20[01]")
+ (let ((nntp-connection-alist (list proc buffer nil)))
+ (nntp-wait-for-string "^\r*20[01]"))
+ (beginning-of-line)
+ (delete-region (point-min) (point))
+ proc)))
+
+(defun nntp-open-tls-stream (buffer)
+ (let ((proc (open-tls-stream "nntpd" buffer nntp-address nntp-port-number)))
+ (process-kill-without-query proc)
+ (save-excursion
+ (set-buffer buffer)
+ (let ((nntp-connection-alist (list proc buffer nil)))
+ (nntp-wait-for-string "^\r*20[01]"))
(beginning-of-line)
(delete-region (point-min) (point))
proc)))
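Review bot: `nntp-open-tls-stream` passes the result of `open-tls-stream` straight to `process-kill-without-query`, but `open-tls-stream` (tls.el in this commit) returns nil when every `tls-program` entry fails, so a failed handshake would raise a wrong-type-argument error instead of yielding a nil connection. Wrapping the body as `(when proc (process-kill-without-query proc) (save-excursion ...))` keeps the failure path explicit; whether callers already trap the error is not visible from here. The function also has no docstring; something like `"Open a TLS connection to `nntp-address' on `nntp-port-number' using `open-tls-stream'; BUFFER receives the process output."` would do. The first lines of this hunk change the tail of a function that begins outside the hunk.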
(defvar rfc2047-header-encoding-alist
'(("Newsgroups" . nil)
+ ("Followup-To" . nil)
("Message-ID" . nil)
("\\(Resent-\\)?\\(From\\|Cc\\|To\\|Bcc\\|Reply-To\\|Sender\\)" .
"-A-Za-z0-9!*+/=_")
--- /dev/null
+;;; tls.el --- TLS/SSL support via wrapper around GnuTLS
+
+;; Copyright (C) 2003 Free Software Foundation, Inc.
+
+;; Author: Simon Josefsson <simon@josefsson.org>
+;; Keywords: comm, tls, gnutls, ssl
+
+;; This file is part of GNU Emacs.
+
+;; GNU Emacs is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 2, or (at your option)
+;; any later version.
+
+;; GNU Emacs is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+
+;; You should have received a copy of the GNU General Public License
+;; along with GNU Emacs; see the file COPYING. If not, write to the
+;; Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+;; Boston, MA 02111-1307, USA.
+
+;;; Commentary:
+
+;; This package implements a simple wrapper around "gnutls-cli" to
+;; make Emacs support TLS/SSL.
+;;
+;; Usage is the same as `open-network-stream', i.e.:
+;;
+;; (setq tmp (open-tls-stream "test" (current-buffer) "news.mozilla.org" 563))
+;; ...
+;; #<process test>
+;; (process-send-string tmp "mode reader\n")
+;; 200 secnews.netscape.com Netscape-Collabra/3.52 03615 NNRP ready ...
+;; nil
+;; (process-send-string tmp "quit\n")
+;; 205
+;; nil
+
+;; To use this package as a replacement for ssl.el by William M. Perry
+;; <wmperry@cs.indiana.edu>, you need to evaluate the following:
+;;
+;; (defalias 'open-ssl-stream 'open-tls-stream)
+
+;;; Code:
+
+(eval-and-compile
+ (autoload 'format-spec "format-spec")
+ (autoload 'format-spec-make "format-spec"))
+
+(defgroup tls nil
+ "Transport Layer Security (TLS) parameters."
+ :group 'comm)
+
+(defcustom tls-program '("gnutls-cli -p %p %h"
+ "gnutls-cli -p %p %h --protocols ssl3")
+ "List of strings containing commands to start TLS stream to a host.
+Each entry in the list is tried until a connection is successful.
+%s is replaced with server hostname, %p with port to connect to.
+The program should read input on stdin and write output to
+stdout. Also see `tls-success' for what the program should output
+after successful negotiation."
+ :type '(repeat string)
+ :group 'tls)
+
+(defcustom tls-process-connection-type nil
+ "*Value for `process-connection-type' to use when starting process."
+ :type 'boolean
+ :group 'tls)
+
+(defcustom tls-success "- Handshake was completed"
+ "*Regular expression indicating completed TLS handshakes.
+The default is what GNUTLS's \"gnutls-cli\" outputs."
+ :type 'regexp
+ :group 'tls)
+
+(defun open-tls-stream (name buffer host service)
+ "Open a TLS connection for a service to a host.
+Returns a subprocess-object to represent the connection.
+Input and output work as for subprocesses; `delete-process' closes it.
+Args are NAME BUFFER HOST SERVICE.
+NAME is name for process. It is modified if necessary to make it unique.
+BUFFER is the buffer (or buffer-name) to associate with the process.
+ Process output goes at end of that buffer, unless you specify
+ an output stream or filter function to handle the output.
+ BUFFER may be also nil, meaning that this process is not associated
+ with any buffer
+Third arg is name of the host to connect to, or its IP address.
+Fourth arg SERVICE is name of the service desired, or an integer
+specifying a port number to connect to."
+ (let ((cmds tls-program) cmd done)
+ (message "Opening TLS connection to `%s'..." host)
+ (while (and (not done) (setq cmd (pop cmds)))
+ (message "Opening TLS connection with `%s'..." cmd)
+ (let* ((process-connection-type tls-process-connection-type)
+ (process (start-process
+ name buffer shell-file-name shell-command-switch
+ (format-spec
+ cmd
+ (format-spec-make
+ ?h host
+ ?p (if (integerp service)
+ (int-to-string service)
+ service)))))
+ response)
+ (while (and process
+ (memq (process-status process) '(open run))
+ (save-excursion
+ (set-buffer buffer) ;; XXX "blue moon" nntp.el bug
+ (goto-char (point-min))
+ (not (setq done (re-search-forward tls-success nil t)))))
+ (accept-process-output process 1)
+ (sit-for 1))
+ (message "Opening TLS connection with `%s'...%s" cmd
+ (if done "done" "failed"))
+ (if done
+ (setq done process)
+ (delete-process process))))
+ (message "Opening TLS connection to `%s'...%s"
+ host (if done "done" "failed"))
+ done))
+
+(provide 'tls)
+
+;;; tls.el ends here
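Review bot: `open-tls-stream` substitutes HOST and SERVICE into the `tls-program` template with `format-spec` and runs the result through `shell-file-name shell-command-switch`, so a host or service string containing shell metacharacters is interpreted by the shell instead of reaching gnutls-cli as a single argument. Quote both values before substitution: `?h (shell-quote-argument host)` and `?p (shell-quote-argument (if (integerp service) (int-to-string service) service))`. Success is decided only by matching `tls-success` ("- Handshake was completed"), and the default commands pass no trust-store option, so a completed handshake here probably does not imply a verified server certificate; that should be confirmed against gnutls-cli and stated in the Commentary, along with the fact that the second default entry retries with `--protocols ssl3`. The `tls-program` docstring says `%s` is replaced with the hostname while the code and the defaults use `%h`. The inner loop also calls `(set-buffer buffer)`, which will fail for the nil BUFFER that the function docstring allows.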
+2003-03-23 Simon Josefsson <jas@extundo.com>
+
+ * gnus.texi (Direct Functions, Common Variables)
+ (Mail Source Specifiers, IMAP): Add TLS wherever SSL is mentioned
+ now.
+
2003-03-23 Jesper Harder <harder@ifa.au.dk>
* gnus.texi (Group Information, Article Washing)
@item nntp-open-network-stream
\e$B$3$l$O%G%#%U%)%k%H$G!"C1=c$K1s3V%7%9%F%`$N%]!<%H$J$I$K@\B3$7$^$9!#\e(B
+@findex nntp-open-tls-stream
+@item nntp-open-tls-stream
+@dfn{\e$B0BA4$J\e(B} \e$B%A%c%s%M%k$r;H$C$F%5!<%P!<$K@\B3$7$^$9!#$3$l$r;H$&$?$a$K$O!"\e(B
+GNUTLS (@uref{http://www.gnu.org/software/gnutls/} \e$B;2>H\e(B) \e$B$r%$%s%9%H!<%k\e(B
+\e$B$7$F$*$+$J$1$l$P$J$j$^$;$s!#$=$l$+$i%5!<%P!<$r<!$N$h$&$KDj5A$7$^$9\e(B:
+
+@lisp
+;; \e$B%]!<%H\e(B 563 \e$B$,\e(B "nntps" \e$B$H$7$F\e(B /etc/services \e$B$GDj5A:Q$_$G$"$C$F$b\e(B
+;; gnutls-cli -p \e$B$G$=$NL>A0$O;H$($^$;$s!#\e(B
+;;
+(nntp "snews.bar.com"
+ (nntp-open-connection-function nntp-open-tls-stream)
+ (nntp-port-number )
+ (nntp-address "snews.bar.com"))
+@end lisp
+
@findex nntp-open-ssl-stream
@item nntp-open-ssl-stream
@dfn{\e$B0BA4$J\e(B} \e$B%A%c%s%M%k$r;H$C$F%5!<%P!<$K@\B3$7$^$9!#$3$l$r;H$&$?$a$K$O!"\e(B
-OpenSSL (@uref{http://www.openssl.org}) \e$B$+\e(B SSLeay \e$B$,%$%s%9%H!<%k$5$l$F$$\e(B
+OpenSSL (@uref{http://www.openssl.org}) \e$B$+\e(B SSLeay \e$B$r%$%s%9%H!<%k$7$F$*$+\e(B
\e$B$J$1$l$P$J$j$^$;$s!#$=$l$+$i%5!<%P!<$r<!$N$h$&$KDj5A$7$^$9\e(B:
@lisp
-;; \e$BJT=8$7=*$o$C$?$i\e(B `C-c C-c' \e$B$r%?%$%W$7$F2<$5$$!#\e(B
-;;
;; \e$B%]!<%H\e(B 563 \e$B$,\e(B "snews" \e$B$H$7$F\e(B /etc/services \e$B$GDj5A:Q$_$G$"$C$F$b\e(B
;; openssl s_client -port \e$B$G$=$NL>A0$O;H$($^$;$s!#\e(B
;;
@item nntp-pre-command
@vindex nntp-pre-command
\e$BAG$N@\B3MQ$N4X\e(B
-\e$B?t\e(B (@code{nntp-open-network-stream} \e$B$H\e(B @code{nntp-open-ssl-stream} \e$B$@$1\e(B
-\e$B$@$H;W$&\e(B) \e$B$G$O$J$$$b$N$rDL$7$F@\B3$9$k$H$-$K;H$&%3%^%s%I%i%C%Q!<$G$9!#Nc\e(B
-\e$B$($P$"$J$?$O\e(B @samp{SOCKS} \e$B%i%C%Q!<$r3d$jEv$F$k$G$7$g$&!#\e(B
+\e$B?t\e(B (@code{nntp-open-network-stream}\e$B!"\e(B@code{nntp-open-tls-stream} \e$B$*$h\e(B
+\e$B$S\e(B @code{nntp-open-ssl-stream} \e$B$@$1$@$H;W$&\e(B) \e$B$G$O$J$$$b$N$rDL$7$F@\B3$9\e(B
+\e$B$k$H$-$K;H$&%3%^%s%I%i%C%Q!<$G$9!#Nc$($P$"$J$?$O\e(B @samp{SOCKS} \e$B%i%C%Q!<$r\e(B
+\e$B3d$jEv$F$k$G$7$g$&!#\e(B
@item nntp-address
@vindex nntp-address
@item nntp-port-number
@vindex nntp-port-number
\e$B@\B3$9$k\e(B @sc{nntp} \e$B%5!<%P!<$N%]!<%HHV9f$G$9!#%G%#%U%)%k%H\e(B
-\e$B$O\e(B @samp{nntp} \e$B$G$9!#\e(B@sc{ssl} \e$B$r2p$7$?\e(B @sc{nntp} \e$B$r;H$&$K$O!"%]!<%H$NL>\e(B
-\e$BA0$G$O$J$/$F@0?t\e(B (\e$B$D$^$j\e(B @samp{snews} \e$B$G$O$J$/$F\e(B @samp{563}) \e$B$r;XDj$7$F\e(B
-\e$B2<$5$$!#30It$N\e(B SSL \e$B%D!<%k$O%]!<%H$NL>A0$G$OF0:n$7$J$$$+$i$G$9!#\e(B
+\e$B$O\e(B @samp{nntp} \e$B$G$9!#\e(B@sc{tls}/@sc{ssl} \e$B$r2p$7$?\e(B @sc{nntp} \e$B$r;H$&$K$O!"%]!<\e(B
+\e$B%H$NL>A0$G$O$J$/$F@0?t\e(B (\e$B$D$^$j\e(B @samp{snews} \e$B$d\e(B @samp{nntps} \e$B$G$O$J$/\e(B
+\e$B$F\e(B @samp{563}) \e$B$r;XDj$7$F2<$5$$!#30It$N\e(B TLS/SSL \e$B%D!<%k$O%]!<%H$NL>A0$G$O\e(B
+\e$BF0:n$7$J$$$+$i$G$9!#\e(B
@item nntp-end-of-line
@vindex nntp-end-of-line
\e$B$?\e(B @sc{imap} \e$B%a!<%k%\%C%/%9$+$i5-;v$r<hF@$7$^$9!#>\$7$/$O\e(B @xref{IMAP} \e$B$r\e(B
\e$B;2>H$7$F2<$5$$!#\e(B
-Kerberos, GSSAPI, SSL/TLS \e$B$*$h$S\e(B STARTTLS \e$B$N$?$a$N30It%W%m%0%i%`$H%i%$%V\e(B
-\e$B%i%j$,I,MW$G$"$k$3$H$KN10U$7$F2<$5$$!#\e(B@xref{IMAP}
+Kerberos, GSSAPI, TLS/SSL \e$B$*$h$S\e(B STARTTLS \e$B$N$?$a$N30It%W%m%0%i%`$H%i%$%V\e(B
+\e$B%i%j$,I,MW$G$"$k$3$H$KN10U$7$F2<$5$$!#\e(B@xref{IMAP}\e$B!#\e(B
\e$B%-!<%o!<%I\e(B:
@sc{imap} \e$B%5!<%P!<$NL>A0!#=i4|CM$O4D6-JQ?t\e(B @code{MAILHOST} \e$B$+$iF@$^$9!#\e(B
@item :port
-@sc{imap} \e$B%5!<%P!<$N%]!<%HHV9f!#IaDL$O=i4|CM$O\e(B @samp{143} \e$B$G!"\e(BSSL/TLS \e$B@\\e(B
+@sc{imap} \e$B%5!<%P!<$N%]!<%HHV9f!#IaDL$O=i4|CM$O\e(B @samp{143} \e$B$G!"\e(BTLS/SSL \e$B@\\e(B
\e$BB3$K$O\e(B @samp{993} \e$B$G$9!#\e(B
@item :user
@item :stream
\e$B%5!<%P!<$K@\B3$9$k$H$-$K;H$&%9%H%j!<%`!#\e(B@code{imap-stream-alist} \e$B$K$"$k\e(B
\e$B%7%s%\%k$NCf$N$R$H$D$r@_Dj$7$^$9!#8=>u$G$O\e(B @samp{gssapi},
-@samp{kerberos4}, @samp{starttls}, @samp{ssl}, @samp{shell} \e$B$^$?$O=i4|CM\e(B
-\e$B$N\e(B @samp{network} \e$B$K$J$j$^$9!#\e(B
+@samp{kerberos4}, @samp{starttls}, @samp{tls}, @samp{ssl},
+@samp{shell} \e$B$^$?$O=i4|CM$N\e(B @samp{network} \e$B$K$J$j$^$9!#\e(B
@item :authentication
\e$B%5!<%P!<$G$NG'>Z$K$I$NG'>ZK!$r;H$&$+!#$3$l\e(B
\e$B$J$j$^$9!#$3$l$,$3$3$G@bL@$9$k;H$$J}$G$9!#\e(B
\e$B$$$/$D$+$N\e(B @sc{imap} \e$B%5!<%P!<$r\e(B @file{~/.gnus} \e$B$G@_Dj$9$k$H!"$?$V$s0J2<\e(B
-\e$B$N$h$&$J$b$N$K$J$k$G$7$g$&!#\e(B(\e$BCm\e(B: SSL/TLS \e$B$G$O30It%W%m%0%i%`$H%i%$%V%i%j\e(B
+\e$B$N$h$&$J$b$N$K$J$k$G$7$g$&!#\e(B(\e$BCm\e(B: TLS/SSL \e$B$G$O30It%W%m%0%i%`$H%i%$%V%i%j\e(B
\e$B$,I,MW$G$9!#0J2<$r;2>H$7$F2<$5$$!#\e(B)
@lisp
@item nnimap-server-port
@vindex nnimap-server-port
-\e$B@\B3$r;n$_$k%5!<%P!<$N%]!<%H$G$9!#=i4|CM$G$O!"%]!<%H\e(B 143 \e$B$+!"\e(BSSL \e$B$G\e(B
-\e$B$O\e(B 993 \e$B$G$9!#\e(B
+\e$B@\B3$r;n$_$k%5!<%P!<$N%]!<%H$G$9!#%G%#%U%)%k%H$O%]!<%H\e(B 143\e$B!"$^$?\e(B
+\e$B$O\e(B TLS/SSL \e$B$G$O\e(B 993 \e$B$G$9!#\e(B
\e$B$3$l$O@0?t$G$J$1$l$P$J$j$^$;$s!#0J2<$O%5!<%P!<;XDj$NNc$G$9!#\e(B
@item nnimap-stream
@vindex nnimap-stream
\e$B%5!<%P!<$K@\B3$9$k$H$-$K;H$o$l$k%9%H%j!<%`$N7?$G$9!#=i4|@_Dj$G\e(B
-\e$B$O\e(B nnimap \e$B$O\e(B SSL/TLS \e$B$r=|$/0J2<$N$9$Y$F$r<+F0E*$K8!CN$7$F$=$l$r;H$$$^$9!#\e(B
-(SSL/TLS \e$B$r;H$&\e(B @sc{imap} \e$B$O\e(B STARTTLS \e$B$GCV$-49$($i$l$F$$$^$9!#$3$l$O<+F0\e(B
+\e$B$O\e(B nnimap \e$B$O\e(B TLS/SSL \e$B$r=|$/0J2<$N$9$Y$F$r<+F0E*$K8!CN$7$F$=$l$r;H$$$^$9!#\e(B
+(TLS/SSL \e$B$r;H$&\e(B @sc{imap} \e$B$O\e(B STARTTLS \e$B$GCV$-49$($i$l$F$$$^$9!#$3$l$O<+F0\e(B
\e$B8!=P$G$-$^$9$,!"$^$@9-HO0O$KG[Hw$5$l$F$$$^$;$s!#\e(B)
\e$B0J2<$O%5!<%P!<;XDj$NNc$G$9!#\e(B
@dfn{kerberos4:} Kerberos 4 \e$B$r;H$$$^$9!#\e(B@samp{imtest} \e$B%W%m%0%i%`$,I,MW$G\e(B
\e$B$9!#\e(B
@item
-@dfn{starttls:} STARTTLS (SSL \e$B$KN`;w\e(B) \e$B$r;H$$$^$9!#30It%i%$%V%i\e(B
+@dfn{starttls:} STARTTLS (TLS/SSL \e$B$KN`;w\e(B) \e$B$r;H$$$^$9!#30It%i%$%V%i\e(B
\e$B%j\e(B @samp{starttls.el} \e$B$H\e(B @samp{starttls} \e$B%W%m%0%i%`$,I,MW$G$9!#\e(B
@item
+@dfn{tls:} TLS \e$B$r;H$$$^$9!#\e(BGNUTLS (@samp{gnutls-cli} \e$B%W%m%0%i%`\e(B) \e$B$,I,MW\e(B
+\e$B$G$9!#\e(B
+@item
@dfn{ssl:} SSL \e$B$r;H$$$^$9!#\e(BOpenSSL (@samp{openssl} \e$B%W%m%0%i%`\e(B) \e$B$+\e(B SSLeay
(@samp{s_client}) \e$B$,I,MW$G$9!#\e(B
@item
\e$B?t\e(B @code{imap-kerberos4-program} \e$B$O\e(B imtest \e$B%W%m%0%i%`$KEO$9%Q%?%a!<%?$r\e(B
\e$B4^$_$^$9!#\e(B
+TLS \e$B@\B3$G$O\e(B GNUTLS \e$BM3Mh$N\e(B @code{gnutls-cli} \e$B%W%m%0%i%`$,I,MW$G$9!#$3$l\e(B
+\e$B$O\e(B @uref{http://www.gnu.org/software/gnutls/} \e$B$+$i<j$KF~$l$k$3$H$,$G$-$^\e(B
+\e$B$9!#\e(B
+
@vindex imap-ssl-program
SSL \e$B@\B3$N$?$a$N\e(B OpenSSL \e$B%W%m%0%i%`$O\e(B @uref{http://www.openssl.org/} \e$B$+\e(B
\e$B$iF~<j$G$-$^$9!#\e(BOpenSSL \e$B$O0JA0$O\e(B SSLeay \e$B$H$7$FCN$i$l$F$$$?$b$N$G!"\e(B
This is the default, and simply connects to some port or other on the
remote system.
+@findex nntp-open-tls-stream
+@item nntp-open-tls-stream
+Opens a connection to a server over a @dfn{secure} channel. To use
+this you must have GNUTLS installed (see
+@uref{http://www.gnu.org/software/gnutls/}). You then define a server
+as follows:
+
+@lisp
+;; "nntps" is port 563 and is predefined in our /etc/services
+;; however, gnutls-cli -p doesn't like named ports.
+;;
+(nntp "snews.bar.com"
+ (nntp-open-connection-function nntp-open-tls-stream)
+ (nntp-port-number )
+ (nntp-address "snews.bar.com"))
+@end lisp
+
@findex nntp-open-ssl-stream
@item nntp-open-ssl-stream
Opens a connection to a server over a @dfn{secure} channel. To use this
define a server as follows:
@lisp
-;; Type `C-c C-c' after you've finished editing.
-;;
;; "snews" is port 563 and is predefined in our /etc/services
-;; however, openssl s_client -port doesn't like named ports
+;; however, openssl s_client -port doesn't like named ports.
;;
(nntp "snews.bar.com"
(nntp-open-connection-function nntp-open-ssl-stream)
@item nntp-pre-command
@vindex nntp-pre-command
-A command wrapper to use when connecting through a non native connection
-function (all except @code{nntp-open-network-stream} and
-@code{nntp-open-ssl-stream}. This is where you would put a @samp{SOCKS}
-wrapper for instance.
+A command wrapper to use when connecting through a non native
+connection function (all except @code{nntp-open-network-stream},
+@code{nntp-open-tls-stream}, and @code{nntp-open-ssl-stream}. This is
+where you would put a @samp{SOCKS} wrapper for instance.
@item nntp-address
@vindex nntp-address
@item nntp-port-number
@vindex nntp-port-number
-Port number to connect to the @sc{nntp} server. The default is @samp{nntp}.
-If you use @sc{nntp} over @sc{ssl}, you may want to use integer ports rather
-than named ports (i.e, use @samp{563} instead of @samp{snews}), because
-external SSL tools may not work with named ports.
+Port number to connect to the @sc{nntp} server. The default is
+@samp{nntp}. If you use @sc{nntp} over @sc{tls}/@sc{ssl}, you may
+want to use integer ports rather than named ports (i.e, use @samp{563}
+instead of @samp{snews} or @samp{nntps}), because external TLS/SSL
+tools may not work with named ports.
@item nntp-end-of-line
@vindex nntp-end-of-line
and fetches articles from a given @sc{imap} mailbox. @xref{IMAP}, for
more information.
-Note that for the Kerberos, GSSAPI, SSL/TLS and STARTTLS support you
+Note that for the Kerberos, GSSAPI, TLS/SSL and STARTTLS support you
may need external programs and libraries, @xref{IMAP}.
Keywords:
@item :port
The port number of the @sc{imap} server. The default is @samp{143}, or
-@samp{993} for SSL/TLS connections.
+@samp{993} for TLS/SSL connections.
@item :user
The user name to give to the @sc{imap} server. The default is the login
@item :stream
What stream to use for connecting to the server, this is one of the
symbols in @code{imap-stream-alist}. Right now, this means
-@samp{gssapi}, @samp{kerberos4}, @samp{starttls}, @samp{ssl},
-@samp{shell} or the default @samp{network}.
+@samp{gssapi}, @samp{kerberos4}, @samp{starttls}, @samp{tls},
+@samp{ssl}, @samp{shell} or the default @samp{network}.
@item :authentication
Which authenticator to use for authenticating to the server, this is
usage explained in this section.
A server configuration in @file{~/.gnus} with a few @sc{imap} servers
-might look something like the following. (Note that for SSL/TLS, you
+might look something like the following. (Note that for TLS/SSL, you
need external programs and libraries, see below.)
@lisp
@item nnimap-server-port
@vindex nnimap-server-port
-Port on server to contact. Defaults to port 143, or 993 for SSL.
+Port on server to contact. Defaults to port 143, or 993 for TLS/SSL.
Note that this should be an integer, example server specification:
@vindex nnimap-stream
The type of stream used to connect to your server. By default, nnimap
will detect and automatically use all of the below, with the exception
-of SSL/TLS. (@sc{imap} over SSL/TLS is being replaced by STARTTLS, which
+of TLS/SSL. (@sc{imap} over TLS/SSL is being replaced by STARTTLS, which
can be automatically detected, but it's not widely deployed yet.)
Example server specification:
@dfn{kerberos4:} Connect with Kerberos 4. Requires the @samp{imtest} program.
@item
@dfn{starttls:} Connect via the STARTTLS extension (similar to
-SSL). Requires the external library @samp{starttls.el} and program
+TLS/SSL). Requires the external library @samp{starttls.el} and program
@samp{starttls}.
@item
+@dfn{tls:} Connect through TLS. Requires GNUTLS (the program
+@samp{gnutls-cli}).
+@item
@dfn{ssl:} Connect through SSL. Requires OpenSSL (the program
@samp{openssl}) or SSLeay (@samp{s_client}).
@item
@code{imap-kerberos4-program} contain parameters to pass to the imtest
program.
+For TLS connection, the @code{gnutls-cli} program from GNUTLS is
+needed. It is available from
+@uref{http://www.gnu.org/software/gnutls/}.
+
@vindex imap-ssl-program
For SSL connections, the OpenSSL program is available from
@uref{http://www.openssl.org/}. OpenSSL was formerly known as SSLeay,