Work around gnutls failures
authorLars Magne Ingebrigtsen <larsi@gnus.org>
Thu, 7 Jul 2011 15:14:17 +0000 (17:14 +0200)
committerLars Magne Ingebrigtsen <larsi@gnus.org>
Thu, 7 Jul 2011 15:14:17 +0000 (17:14 +0200)
* net/network-stream.el (network-stream-open-starttls): If gnutls
negotiation fails, then possibly try again with a non-encrypted
connection.

Fixes: debbugs:9017
lisp/ChangeLog
lisp/net/network-stream.el

index 282035af2b9f9c1edc96155a7252de3cf8e86d91..9d80cd12ff79e391801213da19c1341d5ed6a78c 100644 (file)
@@ -1,5 +1,9 @@
 2011-07-07  Lars Magne Ingebrigtsen  <larsi@gnus.org>
 
+       * net/network-stream.el (network-stream-open-starttls): If gnutls
+       negotiation fails, then possibly try again with a non-encrypted
+       connection (bug#9017).
+
        * mail/smtpmail.el (smtpmail-stream-type): Note that `plain' can
        be used.
 
index 038794e117df2794c2086bf40258dc4eaf65812d..bb09d8945c962465494ebed0565da0f3c4d48eda 100644 (file)
@@ -263,8 +263,16 @@ functionality.
        ;; The server said it was OK to begin STARTTLS negotiations.
        (if builtin-starttls
            (let ((cert (network-stream-certificate host service parameters)))
-             (gnutls-negotiate :process stream :hostname host
-                               :keylist (and cert (list cert))))
+             (condition-case nil
+                 (gnutls-negotiate :process stream :hostname host
+                                   :keylist (and cert (list cert)))
+               ;; If we get a gnutls-specific error (for instance if
+               ;; the certificate the server gives us is completely
+               ;; syntactically invalid), then close the connection
+               ;; and possibly (further down) try to create a
+               ;; non-encrypted connection.
+               (gnutls-error
+                (delete-process stream))))
          (unless (starttls-negotiate stream)
            (delete-process stream)))
        (if (memq (process-status stream) '(open run))
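Review bot: The new `gnutls-error` handler discards the failure through `condition-case nil`, so a STARTTLS handshake that breaks leaves no trace for the user, and the added comment says the code further down may then reopen the connection without encryption. Every GnuTLS failure lands in this handler, not only a syntactically invalid certificate, so a handshake disturbed on the network path would presumably take the same route to a plaintext session carrying the same credentials. I would bind and report the error, `(condition-case err` with `(gnutls-error (message "GnuTLS negotiation with %s failed: %S" host err) (delete-process stream))`, so that the downgrade is at least visible. The reconnect logic is outside this hunk, as are the start and end of `network-stream-open-starttls`, so please confirm that the plaintext retry is skipped whenever the caller asked for an encrypted stream.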