C-level SSL support for Emacs 21

Created 2001-05-05

Introduction

This patch adds low-level elisp bindings for (parts of) the Mozilla NSS API, which is a GPL'd SSL/TLS/SMIME/etc. library, to provide SSL support for TCP streams. A high-level elisp library compatible with wmperry's ssl.el is also included.

The following piece of code demonstrates how it currently works:

(require 'ssl)
(setq jas (open-ssl-stream "https" (current-buffer) "www.pdc.kth.se" 443))
(process-send-string jas "GET /\r\n\r\n")

If you run the above, you should get a webpage back in the current buffer. If you tcpdump the wire you should see that the communication was encrypted.
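To make the tcpdump check concrete, here is an added example (not part of the patch or of NSS) that classifies the first bytes of a captured TCP payload as plaintext HTTP, an SSLv2-format ClientHello, or an SSLv3/TLS record. The names classify_payload and wire_kind are hypothetical, and the bytes you feed it are whatever you copy out of your own capture.

```c
/* Added example, not part of the patch: classify the first bytes of a
 * TCP payload copied from a capture (e.g. tcpdump -X output). */
#include <stddef.h>
#include <string.h>

enum wire_kind { WIRE_UNKNOWN, WIRE_PLAINTEXT_HTTP, WIRE_SSL2_HELLO, WIRE_SSL3_TLS_RECORD };

/* SSLv3/TLS record header: type(1) major(1) minor(1) length(2). */
static int is_ssl3_record(const unsigned char *p, size_t n)
{
    size_t len;
    if (n < 5 || p[0] < 20 || p[0] > 23 || p[1] != 3)
        return 0;                        /* types 20..23, major version 3 */
    len = ((size_t)p[3] << 8) | p[4];
    return len > 0 && len <= 16384 + 2048;   /* largest legal ciphertext record */
}

/* SSLv2-format ClientHello: 2-byte length with high bit set, message
 * type 1, then the offered version (0x0002, or 0x03xx for SSLv3/TLS). */
static int is_ssl2_hello(const unsigned char *p, size_t n)
{
    if (n < 5 || !(p[0] & 0x80) || p[2] != 1)
        return 0;
    return p[3] == 3 || (p[3] == 0 && p[4] == 2);
}

/* Plaintext HTTP starts with a readable method or status line. */
static int is_http(const unsigned char *p, size_t n)
{
    static const char *const starts[] = { "GET ", "POST ", "HEAD ", "HTTP/" };
    size_t i, l;
    for (i = 0; i < sizeof starts / sizeof starts[0]; i++) {
        l = strlen(starts[i]);
        if (n >= l && memcmp(p, starts[i], l) == 0)
            return 1;
    }
    return 0;
}

enum wire_kind classify_payload(const unsigned char *p, size_t n)
{
    if (is_http(p, n)) return WIRE_PLAINTEXT_HTTP;
    if (is_ssl3_record(p, n)) return WIRE_SSL3_TLS_RECORD;
    if (is_ssl2_hello(p, n)) return WIRE_SSL2_HELLO;
    return WIRE_UNKNOWN;
}
```

If the first client payload on port 443 classifies as WIRE_PLAINTEXT_HTTP, the request string went out unencrypted and the stream was not wrapped by the SSL layer.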

How to build it

Check out NSS from Mozilla CVS and build it. I used the 3.2.1 release. The binary packages I found did not include NSPR, but even if you find them as well, my work requires the use of a private header file to get hold of SSL_ImportFD().

$ pwd
/home/jas/src
$ export CVSROOT=:pserver:[email protected]:/cvsroot
$ cvs login
      password is "anonymous"
$ cvs co -r NSPRPUB_RELEASE_4_1_1_BETA4 mozilla/nsprpub 
$ cvs co -r NSS_3_2_1_RTM mozilla/dbm mozilla/security/coreconf
$ cvs co -r NSS_3_2_1_RTM mozilla/security/nss mozilla/security/dbm
$ cd mozilla/security/nss
$ gmake nss_build_all

Apply the patch to Emacs (I used version 21.0.102):

$ pwd
/home/jas/src
$ patch -d emacs-21.0.102 -p 1 < emacs-21-ssl-2.patch
patching file lisp/net/ssl.el
patching file src/nss-stuff.c
patching file src/process.c
patching file src/process.h
patching file src/sysdep.c
$ cd emacs-21.0.102
$ CFLAGS="-I/home/jas/src/mozilla/dist/Linux2.4_x86_glibc_PTH_DBG.OBJ/include -I/home/jas/src/mozilla/dist/public/security" ./configure
$ make CC="gcc -L/home/jas/src/mozilla/dist/Linux2.4_x86_glibc_PTH_DBG.OBJ/lib -Wl,-rpath,/home/jas/src/mozilla/dist/Linux2.4_x86_glibc_PTH_DBG.OBJ/lib -lssl3 -lsmime3 -lnss3 -lplc4 -lplds4 -lnspr4  -L/lib -lpthread -ldl -lc"

You need to update the path to the mozilla installation in CFLAGS and CC, but other than that you should be set. Now try the code at the beginning of this page. Tell me if it did/didn't work.


[email protected]