Very crude C-level SSL support for Emacs 21

Created 2001-05-01

Introduction

This patch adds elisp primitives for running SSL over a TCP stream, using the Mozilla project's NSS, which is a GPL'd SSL/TLS/SMIME/etc library.

The following piece of code demonstrates how it currently works (and this is ALL that's working right now):

(setq jas (open-network-stream "name" (current-buffer) "localhost" 1924))
(ssl-init (expand-file-name "~/.netscape"))
(ssl-set-policy-domestic)
(ssl-start jas)
(process-send-string jas "GET /\r\n\r\n")
(ssl-done)

Obviously, you need something that answers on localhost:1924, for example NSS's "ssltap", which lets you debug the SSL connection. Of course, you can change it to point at some HTTPS web site instead.

If you run the above, you should get a webpage back in the current buffer. If you tcpdump the wire you should see that the communication was encrypted.
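A check for the tcpdump step above, as an added example (not part of the patch or of the original page): it classifies the first bytes of a captured client-to-server payload as an SSLv3/TLS record, an SSLv2-format ClientHello, or the demo's cleartext request. The function name classify_payload and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum first_bytes { FB_TLS_RECORD, FB_SSL2_HELLO, FB_CLEARTEXT_HTTP, FB_UNKNOWN };

/* Constructed samples (not captured traffic): first bytes of a client payload. */
static const unsigned char sample_ssl3[]  = { 0x16, 0x03, 0x00, 0x00, 0x2f, 0x01 };
static const unsigned char sample_ssl2[]  = { 0x80, 0x2e, 0x01, 0x03, 0x00, 0x00 };
static const unsigned char sample_clear[] = "GET /\r\n\r\n";

/* Classify the start of a client-to-server TCP payload taken from a capture. */
enum first_bytes classify_payload(const unsigned char *p, size_t n)
{
    /* SSLv3/TLS record header: type 20..23, major version 3, 16-bit length. */
    if (n >= 5 && p[0] >= 20 && p[0] <= 23 && p[1] == 3) {
        size_t len = ((size_t)p[3] << 8) | p[4];
        if (len > 0 && len <= 16384 + 2048)   /* largest protected record */
            return FB_TLS_RECORD;
    }
    /* SSLv2-format ClientHello: length with high bit set, message type 1,
       then the offered version (3.x, or 0.2 for plain SSLv2). */
    if (n >= 5 && (p[0] & 0x80) && p[2] == 1 &&
        (p[3] == 3 || (p[3] == 0 && p[4] == 2)))
        return FB_SSL2_HELLO;
    /* The demo's request going out unprotected. */
    if (n >= 4 && memcmp(p, "GET ", 4) == 0)
        return FB_CLEARTEXT_HTTP;
    return FB_UNKNOWN;
}

static const char *label(enum first_bytes c)
{
    switch (c) {
    case FB_TLS_RECORD:     return "SSLv3/TLS record";
    case FB_SSL2_HELLO:     return "SSLv2-format ClientHello";
    case FB_CLEARTEXT_HTTP: return "cleartext HTTP request";
    default:                return "unknown";
    }
}

int main(void)
{
    printf("ssl3:  %s\n", label(classify_payload(sample_ssl3, sizeof sample_ssl3)));
    printf("ssl2:  %s\n", label(classify_payload(sample_ssl2, sizeof sample_ssl2)));
    printf("clear: %s\n", label(classify_payload(sample_clear, sizeof sample_clear)));
    return 0;
}
```

If the first client payload in the capture classifies as a cleartext HTTP request, the SSL layer was not in place when the string was sent.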

How to build it

Check out NSS from Mozilla CVS and build it. I used the 3.2.1 release. The binary packages I found did not include NSPR, but even if you find those as well, my work requires the use of a private header file to get hold of SSL_ImportFD().

$ pwd
/home/jas/src
$ export CVSROOT=:pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
$ cvs login
      password is "anonymous"
$ cvs co -r NSPRPUB_RELEASE_4_1_1_BETA4 mozilla/nsprpub 
$ cvs co -r NSS_3_2_1_RTM mozilla/dbm mozilla/security/coreconf
$ cvs co -r NSS_3_2_1_RTM mozilla/security/nss mozilla/security/dbm
$ cd mozilla/security/nss
$ gmake nss_build_all

Apply the patch to Emacs (I used version 21.0.102):

$ pwd
/home/jas/src
$ patch -d emacs-21.0.102 -p 1 < emacs-21-ssl.patch
patching file src/process.c
patching file src/process.h
patching file src/sysdep.c
$ cd emacs-21.0.102
$ CFLAGS="-I/home/jas/src/mozilla/dist/Linux2.4_x86_glibc_PTH_DBG.OBJ/include -I/home/jas/src/mozilla/dist/public/security" ./configure
$ make CC="gcc -L/home/jas/src/mozilla/dist/Linux2.4_x86_glibc_PTH_DBG.OBJ/lib -Wl,-rpath,/home/jas/src/mozilla/dist/Linux2.4_x86_glibc_PTH_DBG.OBJ/lib -lssl3 -lsmime3 -lnss3 -lplc4 -lplds4 -lnspr4  -L/lib -lpthread -ldl -lc"

You need to update the path to the mozilla installation in CFLAGS and CC, but other than that you should be set. Try the code at the beginning of this page.

N.b.! This patch is only made available so that someone else can ponder the elisp API. I don't know what a good solution is: either a raw low-level interface to all NSS functions, or a somewhat more high-level interface. The code is really gross. (But hey, it only took 7 hours to do it from scratch.)


simon@josefsson.org