
# HG changeset patch
# User Katsumi Yamaoka <yamaoka@jpl.org>
# Date 1285937804 0
# Node ID 400dd9dfdb7bcc495465ddf13bb189b3c3785b97
# Parent  7e83565f8d0e16ff124e5e90b6a1c330ca4d594d
Give up on using gnutls-cli for starttls.

diff -r 7e83565f8d0e -r 400dd9dfdb7b lisp/ChangeLog
--- a/lisp/ChangeLog	Fri Oct 01 05:25:21 2010 -0700
+++ b/lisp/ChangeLog	Fri Oct 01 12:56:44 2010 +0000
@@ -1,3 +1,10 @@
+2010-10-01  Lars Magne Ingebrigtsen  <larsi@gnus.org>
+
+	* net/tls.el (tls-starttls-switches): Give up on using starttls with
+	gnutls-cli.
+	(tls-program): Add --insecure to be consistent with the defaults from
+	openssl s_client.  Now all three commands are insecure.
+
 2010-10-01  Eli Zaretskii  <eliz@gnu.org>
 
 	* makefile.w32-in (DEST, TAGS, TAGS-LISP, TAGS-nmake)
diff -r 7e83565f8d0e -r 400dd9dfdb7b lisp/gnus/ChangeLog
--- a/lisp/gnus/ChangeLog	Fri Oct 01 05:25:21 2010 -0700
+++ b/lisp/gnus/ChangeLog	Fri Oct 01 12:56:44 2010 +0000
@@ -1,3 +1,8 @@
+2010-10-01  Lars Magne Ingebrigtsen  <larsi@gnus.org>
+
+	* nnimap.el (nnimap-extend-tls-programs): Only extend those programs
+	for starttls that tls.el implements; i.e. openssl.
+
 2010-10-01  Katsumi Yamaoka  <yamaoka@jpl.org>
 
 	* gravatar.el: Don't load image.el that XEmacs doesn't provide.
diff -r 7e83565f8d0e -r 400dd9dfdb7b lisp/gnus/nnimap.el
--- a/lisp/gnus/nnimap.el	Fri Oct 01 05:25:21 2010 -0700
+++ b/lisp/gnus/nnimap.el	Fri Oct 01 12:56:44 2010 +0000
@@ -404,7 +404,11 @@
     (unless (consp programs)
       (setq programs (list programs)))
     (dolist (program programs)
-      (push (concat program " " "%s") result))
+      (when (assoc (car (split-string program)) tls-starttls-switches)
+	(push (if (not (string-match "%s" program))
+		  (concat program " " "%s")
+		program)
+	      result)))
     (nreverse result)))
 
 (defun nnimap-find-parameter (parameter elems)
diff -r 7e83565f8d0e -r 400dd9dfdb7b lisp/net/tls.el
--- a/lisp/net/tls.el	Fri Oct 01 05:25:21 2010 -0700
+++ b/lisp/net/tls.el	Fri Oct 01 12:56:44 2010 +0000
@@ -76,12 +76,11 @@
   :group 'tls)
 
 (defvar tls-starttls-switches
-  '(("gnutls-cli" "-s")
-    ("openssl" "-starttls imap"))
+  '(("openssl" "-starttls imap"))
   "Alist of programs and the switches necessary to get starttls behaviour.")
 
-(defcustom tls-program '("gnutls-cli %s -p %p %h"
-			 "gnutls-cli %s -p %p %h --protocols ssl3"
+(defcustom tls-program '("gnutls-cli --insecure -p %p %h"
+			 "gnutls-cli --insecure -p %p %h --protocols ssl3"
 			 "openssl s_client %s -connect %h:%p -no_ssl2 -ign_eof")
   "List of strings containing commands to start TLS stream to a host.
 Each entry in the list is tried until a connection is successful.