From: Lars Magne Ingebrigtsen Date: Tue, 21 Jun 2011 22:55:52 +0000 (+0200) Subject: Set :use-starttls-if-possible so that we always use STARTTLS if the server supports it. X-Git-Tag: emacs-pretest-24.0.90~104^2~479 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=6af7a7844e0254fba81b2ba2992854bc2c169932;p=emacs.git Set :use-starttls-if-possible so that we always use STARTTLS if the server supports it. SMTP servers that support STARTTLS commonly require it. --- diff --git a/lisp/ChangeLog b/lisp/ChangeLog index 21658c8ee27..94f6437989a 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog @@ -1,5 +1,14 @@ 2011-06-21 Lars Magne Ingebrigtsen + * mail/smtpmail.el (smtpmail-via-smtp): Set + :use-starttls-if-possible so that we always use STARTTLS if the + server supports it. SMTP servers that support STARTTLS commonly + require it. + + * net/network-stream.el (network-stream-open-starttls): Support + upgrading to STARTTLS always, even if we don't have built-in support. + (open-network-stream): Add the :always-query-capabilies keyword. + * mail/smtpmail.el: Rewritten to do opportunistic STARTTLS upgrades with `open-network-stream', and rely solely on auth-source for all credentials. Big changes throughout the file, diff --git a/lisp/mail/smtpmail.el b/lisp/mail/smtpmail.el index a08cd7a3fa5..7385eab4977 100644 --- a/lisp/mail/smtpmail.el +++ b/lisp/mail/smtpmail.el @@ -627,7 +627,8 @@ The list is in preference order.") (lambda (capabilities) (and (string-match "-STARTTLS" capabilities) "STARTTLS\r\n")) - :client-certificate t)) + :client-certificate t + :use-starttls-if-possible t)) ;; If we couldn't access the server at all, we give up. (unless (setq process (car result)) diff --git a/lisp/net/network-stream.el b/lisp/net/network-stream.el index b75621beee4..161d7252d6e 100644 --- a/lisp/net/network-stream.el +++ b/lisp/net/network-stream.el @@ -120,6 +120,10 @@ values: certificate. This parameter will only be used when doing TLS or STARTTLS connections. +If :use-starttls-if-possible is non-nil, do opportunistic +STARTTLS upgrades even if Emacs doesn't have built-in TLS +functionality. + :nowait is a boolean that says the connection should be made asynchronously, if possible." (unless (featurep 'make-network-process) @@ -208,7 +212,8 @@ values: ;; If we have built-in STARTTLS support, try to upgrade the ;; connection. (when (and (or (fboundp 'open-gnutls-stream) - (and require-tls + (and (or require-tls + (plist-get parameters :use-starttls-if-possible)) (executable-find "gnutls-cli"))) capabilities success-string starttls-function (setq starttls-command @@ -236,6 +241,10 @@ values: starttls-extra-arguments))) (setq stream (starttls-open-stream name buffer host service))) (network-stream-get-response stream start eoc)) + ;; Requery capabilities for protocols that require it; i.e., + ;; EHLO for SMTP. + (when (plist-get parameters :always-query-capabilities) + (network-stream-command stream capability-command eoc)) (when (string-match success-string (network-stream-command stream starttls-command eoc)) ;; The server said it was OK to begin STARTTLS negotiations.