Call the network security manager after doing TLS negotiation

* lisp/net/network-stream.el (network-stream-open-tls): Postpone NSM verification when running async. * src/process.c (Fset_process_filter): This function doesn't need to wait. (connect_network_socket): Set the process status to "run" only after TLS negotiation. (wait_for_socket_fds): Take a name parameter for more debugging. (wait_reading_process_output): Don't change status to "run" unless TLS negotiation has finished. (send_process): Wait for the process here instead of send_process_string. (connect_network_socket): Call the network security manager.
2016-02-15 18:24:08 +11:00 · 2016-02-15 18:24:08 +11:00 · 9c74f2fea6
commit 9c74f2fea6
parent 40155283c3
2 changed files with 102 additions and 56 deletions
--- a/lisp/net/network-stream.el
+++ b/lisp/net/network-stream.el
@ -372,27 +372,29 @@ gnutls-boot (as returned by `gnutls-boot-parameters')."
                                    (plist-get parameters :nowait))
              (open-tls-stream name buffer host service)))
 	   (eoc (plist-get parameters :end-of-command)))
-      ;; Check certificate validity etc.
-      (when (and (gnutls-available-p) stream)
-	(setq stream (nsm-verify-connection stream host service)))
-      (if (null stream)
-	  (list nil nil nil 'plain)
-	;; If we're using tls.el, we have to delete the output from
-	;; openssl/gnutls-cli.
-	(when (and (not (gnutls-available-p))
-		   eoc)
-	  (network-stream-get-response stream start eoc)
-	  (goto-char (point-min))
-	  (when (re-search-forward eoc nil t)
-	    (goto-char (match-beginning 0))
-	    (delete-region (point-min) (line-beginning-position))))
-	(let ((capability-command (plist-get parameters :capability-command))
-	      (eo-capa (or (plist-get parameters :end-of-capability)
-			   eoc)))
-	  (list stream
-		(network-stream-get-response stream start eoc)
-		(network-stream-command stream capability-command eo-capa)
-		'tls))))))
+      (if (plist-get parameters :nowait)
+          (list stream nil nil 'tls)
+        ;; Check certificate validity etc.
+        (when (and (gnutls-available-p) stream)
+          (setq stream (nsm-verify-connection stream host service)))
+        (if (null stream)
+            (list nil nil nil 'plain)
+          ;; If we're using tls.el, we have to delete the output from
+          ;; openssl/gnutls-cli.
+          (when (and (not (gnutls-available-p))
+                     eoc)
+            (network-stream-get-response stream start eoc)
+            (goto-char (point-min))
+            (when (re-search-forward eoc nil t)
+              (goto-char (match-beginning 0))
+              (delete-region (point-min) (line-beginning-position))))
+          (let ((capability-command (plist-get parameters :capability-command))
+                (eo-capa (or (plist-get parameters :end-of-capability)
+                             eoc)))
+            (list stream
+                  (network-stream-get-response stream start eoc)
+                  (network-stream-command stream capability-command eo-capa)
+                  'tls)))))))

 (defun network-stream-open-shell (name buffer host service parameters)
  (require 'format-spec)