;ELC
;;; Compiled by mockbuild@buildfarm06-new.corp.cloudlinux.com on Fri Oct 11 10:10:32 2024
;;; from file /builddir/build/BUILD/emacs-24.3/lisp/net/gnutls.el
;;; in Emacs version 24.3.1
;;; with all optimizations.

;;; This file uses dynamic docstrings, first added in Emacs 19.29.

;;; This file does not contain utf-8 non-ASCII characters,
;;; and so can be loaded in Emacs versions earlier than 23.

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


(byte-code "\300\301\302\303\304\305\306\307\310\311&	\210\312\313\302\314\310\301\315\316&\210\312\317\320\321\310\301\315\322&\210\312\323\324\325\310\301\315\326&\210\312\327\330\331\315\332\310\301&\207" [custom-declare-group gnutls nil "Emacs interface to the GnuTLS library." :version "24.1" :prefix "gnutls-" :group net-utils custom-declare-variable gnutls-algorithm-priority "If non-nil, this should be a TLS priority string.\nFor instance, if you want to skip the \"dhe-rsa\" algorithm,\nset this variable to \"normal:-dhe-rsa\"." :type (choice (const nil) string) gnutls-verify-error t "If non-nil, this should be a list of checks per hostname regex or t." (choice (const t) (repeat :tag "List of hostname regexps with flags for each" (list (choice :tag "Hostname" (const ".*" :tag "Any hostname") regexp) (set (const :trustfiles) (const :hostname))))) gnutls-trustfiles '("/etc/ssl/certs/ca-certificates.crt" "/etc/pki/tls/certs/ca-bundle.crt" "/etc/ssl/ca-bundle.pem" "/usr/ssl/certs/ca-bundle.crt") "List of CA bundle location filenames or a function returning said list.\nThe files may be in PEM or DER format, as per the GnuTLS documentation.\nThe files may not exist, in which case they will be ignored." (choice (function :tag "Function to produce list of bundle filenames") (repeat (file :tag "Bundle filename"))) gnutls-min-prime-bits 1024 "Minimum number of prime bits accepted by GnuTLS for key exchange.\nDuring a Diffie-Hellman handshake, if the server sends a prime\nnumber with fewer than this number of bits, the handshake is\nrejected.  (The smaller the prime number, the less secure the\nkey exchange is against man-in-the-middle attacks.)\n\nA value of nil says to use the default GnuTLS value." (choice (const :tag "Use default value" nil) (integer :tag "Number of bits" 512))] 10)
#@1161 Open a SSL/TLS connection for a service to a host.
Returns a subprocess-object to represent the connection.
Input and output work as for subprocesses; `delete-process' closes it.
Args are NAME BUFFER HOST SERVICE.
NAME is name for process.  It is modified if necessary to make it unique.
BUFFER is the buffer (or `buffer-name') to associate with the process.
 Process output goes at end of that buffer, unless you specify
 an output stream or filter function to handle the output.
 BUFFER may be also nil, meaning that this process is not associated
 with any buffer
Third arg is name of the host to connect to, or its IP address.
Fourth arg SERVICE is name of the service desired, or an integer
specifying a port number to connect to.

Usage example:

  (with-temp-buffer
    (open-gnutls-stream "tls"
                        (current-buffer)
                        "your server goes here"
                        "imaps"))

This is a very simple wrapper around `gnutls-negotiate'.  See its
documentation for the specific parameters you can use to open a
GnuTLS connection, including specifying the credential type,
trust and key files, and priority string.
(defalias 'open-gnutls-stream #[(name buffer host service) "\304\305\306	\n$\307\310\311\n&\207" [name buffer host service gnutls-negotiate :process open-network-stream :type gnutls-x509pki :hostname] 7 (#$ . 2371)])
(byte-code "\300\301\302\303#\210\300\301\304\305#\207" [put gnutls-error error-conditions (error gnutls-error) error-message "GnuTLS error"] 4)
#@2485 Negotiate a SSL/TLS connection.  Returns proc.  Signals gnutls-error.

Note arguments are passed CL style, :type TYPE instead of just TYPE.

TYPE is `gnutls-x509pki' (default) or `gnutls-anon'.  Use nil for the default.
PROCESS is a process returned by `open-network-stream'.
HOSTNAME is the remote hostname.  It must be a valid string.
PRIORITY-STRING is as per the GnuTLS docs, default is "NORMAL".
TRUSTFILES is a list of CA bundles.  It defaults to `gnutls-trustfiles'.
CRLFILES is a list of CRL files.
KEYLIST is an alist of (client key file, client cert file) pairs.
MIN-PRIME-BITS is the minimum acceptable size of Diffie-Hellman keys
(see `gnutls-min-prime-bits' for more information).  Use nil for the
default.

VERIFY-HOSTNAME-ERROR is a backwards compatibility option for
putting `:hostname' in VERIFY-ERROR.

When VERIFY-ERROR is t or a list containing `:trustfiles', an
error will be raised when the peer certificate verification fails
as per GnuTLS' gnutls_certificate_verify_peers2.  Otherwise, only
warnings will be shown about the verification failure.

When VERIFY-ERROR is t or a list containing `:hostname', an error
will be raised when the hostname does not match the presented
certificate's host name.  The exact verification algorithm is a
basic implementation of the matching described in
RFC2818 (HTTPS), which takes into account wildcards, and the
DNSName/IPAddress subject alternative name PKIX extension.  See
GnuTLS' gnutls_x509_crt_check_hostname for details.  Otherwise,
only a warning will be issued.

Note that the list in `gnutls-verify-error', matched against the
HOSTNAME, is the default VERIFY-ERROR.

VERIFY-FLAGS is a numeric OR of verification flags only for
`gnutls-x509pki' connections.  See GnuTLS' x509.h for details;
here's a recent version of the list.

    GNUTLS_VERIFY_DISABLE_CA_SIGN = 1,
    GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2,
    GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4,
    GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 8,
    GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 16,
    GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32,
    GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 64,
    GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 128,
    GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 256

It must be omitted, a number, or nil; if omitted or nil it
defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.

(fn &rest SPEC &key PROCESS TYPE HOSTNAME PRIORITY-STRING TRUSTFILES CRLFILES KEYLIST MIN-PRIME-BITS VERIFY-FLAGS VERIFY-ERROR VERIFY-HOSTNAME-ERROR &allow-other-keys)
(defalias 'gnutls-negotiate #[(&rest spec) "\306>A@\307>A@\310>A@\311>A@\312>A@\313>A@&\314>A@'\315>A@(\316>A@)\317>A@*\320>A@+\n\206M\321
\206g\322\323\324\325\326,!\203c, \202e,\"\"\f\206\210\n\327=\203v\330\202\210\n\321=\205\210-\203\207-\226\202\210\331*\206\250.\332=\203\231\332\202\250.<\203\247\333\334.\"\202\250\323*(\206\261/(\323\21101+\203\304\310*B*\335\f\310\3362\315(\312
\313&\314'\316)\317*\337BBBBBBBBBBBBBBBBBB0\340\341	\n0#\2111\3420#\210\3431!\203
\344\345	1D\"\210	.\207" [spec process type hostname priority-string trustfiles :process :type :hostname :priority-string :trustfiles :crlfiles :keylist :min-prime-bits :verify-flags :verify-error :verify-hostname-error gnutls-x509pki delq nil mapcar #[(f) "\205\301!\205\207" [f file-exists-p] 2] functionp gnutls-anon "NORMAL:+ANON-DH:!ARCFOUR-128" "NORMAL" t mapcan #[(check) "\302@	\"\205\nA\207" [check hostname string-match] 3] :priority :loglevel (:callbacks nil) gnutls-message-maybe gnutls-boot "boot: %s" gnutls-errorp signal gnutls-error crlfiles keylist min-prime-bits verify-flags verify-error verify-hostname-error gnutls-trustfiles gnutls-algorithm-priority gnutls-verify-error gnutls-min-prime-bits params ret gnutls-log-level] 20 (#$ . 3904)])
#@71 When DOIT, message with the caller name followed by FORMAT on PARAMS.
(defalias 'gnutls-message-maybe #[(doit format &rest params) "\303!\205\304\305\306\307!\310\301	\n\206\311#%\207" [doit format params gnutls-errorp message "%s: (err=[%s] %s) %s" "gnutls.el" gnutls-error-string apply (nil)] 9 (#$ . 7711)])
(provide 'gnutls)