From 57173b965f2fb2265f4aeb65b5076b4a63816394 Mon Sep 17 00:00:00 2001
From: Lars Magne Ingebrigtsen <larsi@gnus.org>
Date: Wed, 17 Aug 2011 22:50:33 +0200
Subject: [PATCH] (network-stream-open-starttls): Support using starttls.el
 without using gnutls-cli.

---
 lisp/ChangeLog             |  5 +++++
 lisp/net/network-stream.el | 10 +++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 38a463ddb58..9603acec917 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,8 @@
+2011-08-17  Lars Magne Ingebrigtsen  <larsi@gnus.org>
+
+	* net/network-stream.el (network-stream-open-starttls): Support
+	using starttls.el without using gnutls-cli.
+
 2011-08-17  Juri Linkov  <juri@jurta.org>
 
 	* progmodes/grep.el (rgrep): Handle the case when
diff --git a/lisp/net/network-stream.el b/lisp/net/network-stream.el
index ceb094cded7..0c3d0285f91 100644
--- a/lisp/net/network-stream.el
+++ b/lisp/net/network-stream.el
@@ -237,13 +237,13 @@ functionality.
       (unless builtin-starttls
 	(delete-process stream)
 	(setq start (with-current-buffer buffer (point-max)))
-	(let* ((starttls-use-gnutls t)
-	       (starttls-extra-arguments
+	(let* ((starttls-extra-arguments
 		(if require-tls
 		    starttls-extra-arguments
 		  ;; For opportunistic TLS upgrades, we don't really
 		  ;; care about the identity of the peer.
 		  (cons "--insecure" starttls-extra-arguments)))
+	       (starttls-extra-args starttls-extra-args)
 	       (cert (network-stream-certificate host service parameters)))
 	  ;; There are client certificates requested, so add them to
 	  ;; the command line.
@@ -251,7 +251,11 @@ functionality.
 	    (setq starttls-extra-arguments
 		  (nconc (list "--x509keyfile" (expand-file-name (nth 0 cert))
 			       "--x509certfile" (expand-file-name (nth 1 cert)))
-			 starttls-extra-arguments)))
+			 starttls-extra-arguments)
+		  starttls-extra-args
+		  (nconc (list "--key-file" (expand-file-name (nth 0 cert))
+			       "--cert-file" (expand-file-name (nth 1 cert)))
+			 starttls-extra-args)))
 	  (setq stream (starttls-open-stream name buffer host service)))
 	(network-stream-get-response stream start eoc)
 	;; Requery capabilities for protocols that require it; i.e.,
-- 
2.39.5