From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/74486
Path: news.gmane.org!not-for-mail
From: Lars Magne Ingebrigtsen <larsi@gnus.org>
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Automatic STARTTLS upgrades
Date: Sun, 28 Nov 2010 13:28:54 +0100
Organization: Programmerer Ingebrigtsen
Message-ID: <m362vhlji1.fsf@quimbies.gnus.org>
References: <sa3vd3l2txq.fsf@cigue.easter-eggs.fr>
	<m3eia9nd1d.fsf@quimbies.gnus.org> <87ipzkmgfn.fsf@lifelogs.com>
	<m3bp5cdvkw.fsf@quimbies.gnus.org> <m3hbf2eto7.fsf@quimbies.gnus.org>
	<m3mxoultj2.fsf@quimbies.gnus.org> <m31v667ph5.fsf@quimbies.gnus.org>
	<m3r5e6uqcb.fsf_-_@quimbies.gnus.org>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: dough.gmane.org 1290947371 7547 80.91.229.12 (28 Nov 2010 12:29:31 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Sun, 28 Nov 2010 12:29:31 +0000 (UTC)
To: ding@gnus.org
Original-X-From: ding-owner+M22845@lists.math.uh.edu Sun Nov 28 13:29:24 2010
Return-path: <ding-owner+M22845@lists.math.uh.edu>
Envelope-to: ding-account@gmane.org
Original-Received: from util0.math.uh.edu ([129.7.128.18])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <ding-owner+M22845@lists.math.uh.edu>)
	id 1PMgNg-0000e4-0N
	for ding-account@gmane.org; Sun, 28 Nov 2010 13:29:24 +0100
Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu)
	by util0.math.uh.edu with smtp (Exim 4.63)
	(envelope-from <ding-owner+M22845@lists.math.uh.edu>)
	id 1PMgNT-0001SA-Pe; Sun, 28 Nov 2010 06:29:11 -0600
Original-Received: from mx2.math.uh.edu ([129.7.128.33])
	by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.63)
	(envelope-from <postmaster@quimby.gnus.org>)
	id 1PMgNS-0001Rw-0x
	for ding@lists.math.uh.edu; Sun, 28 Nov 2010 06:29:10 -0600
Original-Received: from quimby.gnus.org ([80.91.231.51])
	by mx2.math.uh.edu with esmtp (Exim 4.72)
	(envelope-from <postmaster@quimby.gnus.org>)
	id 1PMgNN-0007lP-Jn
	for ding@lists.math.uh.edu; Sun, 28 Nov 2010 06:29:09 -0600
Original-Received: from lo.gmane.org ([80.91.229.12])
	by quimby.gnus.org with esmtp (Exim 3.36 #1 (Debian))
	id 1PMgNM-0001pM-00
	for <ding@gnus.org>; Sun, 28 Nov 2010 13:29:04 +0100
Original-Received: from list by lo.gmane.org with local (Exim 4.69)
	(envelope-from <ding-account@m.gmane.org>)
	id 1PMgNM-0000Yd-CC
	for ding@gnus.org; Sun, 28 Nov 2010 13:29:04 +0100
Original-Received: from cm-84.215.34.171.getinternet.no ([84.215.34.171])
        by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
        id 1AlnuQ-0007hv-00
        for <ding@gnus.org>; Sun, 28 Nov 2010 13:29:04 +0100
Original-Received: from larsi by cm-84.215.34.171.getinternet.no with local (Gmexim 0.1 (Debian))
        id 1AlnuQ-0007hv-00
        for <ding@gnus.org>; Sun, 28 Nov 2010 13:29:04 +0100
X-Injected-Via-Gmane: http://gmane.org/
Mail-Followup-To: ding@gnus.org
Original-Lines: 18
Original-X-Complaints-To: usenet@dough.gmane.org
X-Gmane-NNTP-Posting-Host: cm-84.215.34.171.getinternet.no
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAMFBMVEUAEtcAJeQAW/4T/P8A
 Rf4e/v8Caf4B4v8ALvIAS/8ANvsAQP4LnP4K9/8AO/0AUv+CHPVAAAACKklEQVQ4jW1TLY/bQBCd
 +wcNC7aqowErw2NLLMPIf8BgUXjIBYRUVnBUySg0MggKqVYyTImZQZFZkS0tMAty38zace56z5/7
 3szbmV2b6IHFBPqAFzD7bLnMso/aywKUgJ+Lb7MLc4dzlhUFbvtRkfBDMYFT9j584tu2LVrknLO9
 8PtMhEvbOudwa2FHi3FW8GBdV/IdCj34wpWd66x1IhXky2G+c5YFRuccC4czT8Dc8Zc+HmMbx2VJ
 cCrYqHBXrfMIh9bR0VpaHs5SvPuLcRTlHlFEUv/FXZAg7B1Hnv+syNs4Z68axGm43/NhGDYV+QQW
 mB7RewFtQYg83+NarfoNCY9Kr9HpLkIfAP0rgQdrrY5AroZgAl1cadGR1fnQB08g9rleNZy8kBpG
 CgG8jtD0aZh5ExjiBK1ZQEL6EFKyMXjOwNwBIs3GmOpmDDnvxFYyh6kAFmDFOSzIJIiv+OTJ0URs
 UZWkmBG+DzSIpeWUNHjlYk3Knbuu60puJAjGFQmGO8nadra0Mgu7rfDIc/IfAmrjbfKLfuKtoh/V
 rfqO6yYbBe2U50fUP31XWQvLTgqPddxZ9/SHfPpnpro31Yjb2Ec1Yyt49wOq3n9vvwLNr8121zS7
 TwKoJ/wZhWbb/A+aY9VbrdQsPKKVelOC5o1HJGSNU8gwWbOEy1vxa5ioJEySZB0qBZU4nKOTJ2Cw
 pl1dqzAM1fpBww4S1XXINk8IxZFqlayTL/APsgpaKW7iFK4AAAAASUVORK5CYII=
Mail-Copies-To: never
X-Now-Playing: Photek's _Solaris_: "Mine to Give"
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/24.0.50 (gnu/linux)
Cancel-Lock: sha1:7Ix/p+j/4laUcl74UkQRwvFi13Y=
X-Spam-Score: -1.9 (-)
List-ID: <ding.gnus.org>
Precedence: bulk
Xref: news.gmane.org gmane.emacs.gnus.general:74486
Archived-At: <http://permalink.gmane.org/gmane.emacs.gnus.general/74486>

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> * We then do the TLS negotiation.  This is at least one round trip, but
>   it's probably more.  It may fail for any number of reasons.  For
>   instance, inn may be compiled with TLS support, but not have the
>   certificates.  Or they may be grossly invalid.  In that case, we error
>   out.

I've now fixed this.  If the server announces STARTTLS, but gives an
error when we try to enable it, the connection will just stay
unencrypted.  This works both with the built-in gnutls support and the
starttls.el support.  (Although in the latter case, the stream will
still pass through gnutls-cli, but unencrypted.  So it'll be marginally
slower, but it shouldn't matter much.)

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen