From: Lars Magne Ingebrigtsen Date: Fri, 1 Oct 2010 12:56:44 +0000 (+0000) Subject: Give up on using gnutls-cli for starttls. X-Git-Tag: emacs-pretest-24.0.90~104^2~275^2~438^2~46^2~267 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=aecb42aa494ca9edb75bb700a807bd9eeed82dca;p=emacs.git Give up on using gnutls-cli for starttls. --- diff --git a/lisp/ChangeLog b/lisp/ChangeLog index fb364f9651e..235aec2f478 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog @@ -1,3 +1,10 @@ +2010-10-01 Lars Magne Ingebrigtsen + + * net/tls.el (tls-starttls-switches): Give up on using starttls with + gnutls-cli. + (tls-program): Add --insecure to be consistent with the defaults from + openssl s_client. Now all three commands are insecure. + 2010-10-01 Eli Zaretskii * makefile.w32-in (DEST, TAGS, TAGS-LISP, TAGS-nmake) diff --git a/lisp/gnus/ChangeLog b/lisp/gnus/ChangeLog index 32b6716c970..4737a414545 100644 --- a/lisp/gnus/ChangeLog +++ b/lisp/gnus/ChangeLog @@ -1,3 +1,8 @@ +2010-10-01 Lars Magne Ingebrigtsen + + * nnimap.el (nnimap-extend-tls-programs): Only extend those programs + for starttls that tls.el implements; i.e. openssl. + 2010-10-01 Katsumi Yamaoka * gravatar.el: Don't load image.el that XEmacs doesn't provide. diff --git a/lisp/gnus/nnimap.el b/lisp/gnus/nnimap.el index 4d26cdb6371..70aa573525f 100644 --- a/lisp/gnus/nnimap.el +++ b/lisp/gnus/nnimap.el @@ -404,7 +404,11 @@ textual parts.") (unless (consp programs) (setq programs (list programs))) (dolist (program programs) - (push (concat program " " "%s") result)) + (when (assoc (car (split-string program)) tls-starttls-switches) + (push (if (not (string-match "%s" program)) + (concat program " " "%s") + program) + result))) (nreverse result))) (defun nnimap-find-parameter (parameter elems) diff --git a/lisp/net/tls.el b/lisp/net/tls.el index ad0768968e5..daa1c18c8bf 100644 --- a/lisp/net/tls.el +++ b/lisp/net/tls.el @@ -76,12 +76,11 @@ and `gnutls-cli' (version 2.0.1) output." :group 'tls) (defvar tls-starttls-switches - '(("gnutls-cli" "-s") - ("openssl" "-starttls imap")) + '(("openssl" "-starttls imap")) "Alist of programs and the switches necessary to get starttls behaviour.") -(defcustom tls-program '("gnutls-cli %s -p %p %h" - "gnutls-cli %s -p %p %h --protocols ssl3" +(defcustom tls-program '("gnutls-cli --insecure -p %p %h" + "gnutls-cli --insecure -p %p %h --protocols ssl3" "openssl s_client %s -connect %h:%p -no_ssl2 -ign_eof") "List of strings containing commands to start TLS stream to a host. Each entry in the list is tried until a connection is successful.