Set :use-starttls-if-possible so that we always use STARTTLS if the server supports it.
authorLars Magne Ingebrigtsen <larsi@gnus.org>
Tue, 21 Jun 2011 22:55:52 +0000 (00:55 +0200)
committerLars Magne Ingebrigtsen <larsi@gnus.org>
Tue, 21 Jun 2011 22:55:52 +0000 (00:55 +0200)
SMTP servers that support STARTTLS commonly require it.

lisp/ChangeLog
lisp/mail/smtpmail.el
lisp/net/network-stream.el

index 21658c8ee2708f0edfb642a5ec7099a497408750..94f6437989a1ca08cabc31c1029075af11f07dd6 100644 (file)
@@ -1,5 +1,14 @@
 2011-06-21  Lars Magne Ingebrigtsen  <larsi@gnus.org>
 
+       * mail/smtpmail.el (smtpmail-via-smtp): Set
+       :use-starttls-if-possible so that we always use STARTTLS if the
+       server supports it.  SMTP servers that support STARTTLS commonly
+       require it.
+
+       * net/network-stream.el (network-stream-open-starttls): Support
+       upgrading to STARTTLS always, even if we don't have built-in support.
+       (open-network-stream): Add the :always-query-capabilies keyword.
+
        * mail/smtpmail.el: Rewritten to do opportunistic STARTTLS
        upgrades with `open-network-stream', and rely solely on
        auth-source for all credentials.  Big changes throughout the file,
index a08cd7a3fa56911d88c404d7932e07a867fa6aea..7385eab497794ca284ae9041cfd077cd2d2d0534 100644 (file)
@@ -627,7 +627,8 @@ The list is in preference order.")
                 (lambda (capabilities)
                   (and (string-match "-STARTTLS" capabilities)
                        "STARTTLS\r\n"))
-                :client-certificate t))
+                :client-certificate t
+                :use-starttls-if-possible t))
 
          ;; If we couldn't access the server at all, we give up.
          (unless (setq process (car result))
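Review bot: Passing `:use-starttls-if-possible t` keeps the upgrade opportunistic: the capability lambda just above returns the STARTTLS command only when the server's reply contains `-STARTTLS`, so if that line is absent or removed in transit the session presumably stays in plaintext and the auth-source credentials are sent unprotected. The code after this call is outside the hunk, so whether the negotiated stream type is checked before authentication cannot be seen here. If it is not, and the call uses `:return-list`, a guard such as `(eq (plist-get (cdr result) :type) 'tls)` before AUTH, or a user option to require TLS, would close that gap. At minimum add a comment here: `;; Opportunistic only: falls back to plaintext when STARTTLS is not advertised.`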
index b75621beee4d4f463ca12bb294859f2699d184e4..161d7252d6eefb0aaacf663237ac50f0762bc186 100644 (file)
@@ -120,6 +120,10 @@ values:
   certificate.  This parameter will only be used when doing TLS
   or STARTTLS connections.
 
+If :use-starttls-if-possible is non-nil, do opportunistic
+STARTTLS upgrades even if Emacs doesn't have built-in TLS
+functionality.
+
 :nowait is a boolean that says the connection should be made
   asynchronously, if possible."
   (unless (featurep 'make-network-process)
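Review bot: The new docstring paragraph does not say what happens when the upgrade cannot be done, and it breaks the `:keyword is ...` form used by the neighbouring entries. Suggest `:use-starttls-if-possible is a boolean that says to do opportunistic STARTTLS upgrades even if Emacs doesn't have built-in TLS functionality (an external gnutls-cli is then used).` If it is the intended behaviour, add a sentence stating that the connection stays unencrypted when the server does not offer STARTTLS or no TLS backend is found. The `:always-query-capabilities` keyword read later in this file is not documented in the visible part of the docstring; the docstring starts above this hunk.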
@@ -208,7 +212,8 @@ values:
     ;; If we have built-in STARTTLS support, try to upgrade the
     ;; connection.
     (when (and (or (fboundp 'open-gnutls-stream)
-                  (and require-tls
+                  (and (or require-tls
+                           (plist-get parameters :use-starttls-if-possible))
                        (executable-find "gnutls-cli")))
               capabilities success-string starttls-function
               (setq starttls-command
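Review bot: The comment `;; If we have built-in STARTTLS support, try to upgrade the connection.` no longer matches the condition, which now also takes the external `gnutls-cli` path when `:use-starttls-if-possible` is set. Suggest `;; If we have built-in STARTTLS support, or the caller asked for STARTTLS and gnutls-cli is available, try to upgrade the connection.` When the keyword is set but neither `open-gnutls-stream` nor `gnutls-cli` is found, this `when` is skipped without any signal. A `message`, or a documented return value saying no upgrade was attempted, would let the caller decide whether to continue unencrypted. The `when` form continues past the end of the hunk.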
@@ -236,6 +241,10 @@ values:
                         starttls-extra-arguments)))
          (setq stream (starttls-open-stream name buffer host service)))
        (network-stream-get-response stream start eoc))
+      ;; Requery capabilities for protocols that require it; i.e.,
+      ;; EHLO for SMTP.
+      (when (plist-get parameters :always-query-capabilities)
+       (network-stream-command stream capability-command eoc))
       (when (string-match success-string
                          (network-stream-command stream starttls-command eoc))
        ;; The server said it was OK to begin STARTTLS negotiations.
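Review bot: The reply to the re-sent `capability-command` is discarded, while `starttls-command` was computed earlier from the capabilities of the first connection, so the STARTTLS request is not based on what the reopened connection advertised. Consider keeping the reply, e.g. `(setq capabilities (network-stream-command stream capability-command eoc))`, and recomputing `starttls-command` from it, or comment why the earlier value is safe to reuse. The keyword is spelled `:always-query-capabilies` in the ChangeLog entry, and the smtpmail.el hunk of this commit does not pass it, so unless it is set on a line outside that hunk the requery never runs for SMTP. The enclosing `when` begins in the previous hunk and continues past this one.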