From: Lars Magne Ingebrigtsen
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Automatic STARTTLS upgrades
Date: Sun, 28 Nov 2010 13:28:54 +0100
Organization: Programmerer Ingebrigtsen
References: <87ipzkmgfn.fsf@lifelogs.com>
To: ding@gnus.org

Lars Magne Ingebrigtsen writes:

> * We then do the TLS negotiation.  This is at least one round trip, but
>   it's probably more.  It may fail for any number of reasons.  For
>   instance, inn may be compiled with TLS support, but not have the
>   certificates.  Or they may be grossly invalid.  In that case, we error
>   out.

I've now fixed this.  If the server announces STARTTLS, but gives an
error when we try to enable it, the connection will just stay
unencrypted.

This works both with the built-in gnutls support and the starttls.el
support.  (Although in the latter case, the stream will still pass
through gnutls-cli, but unencrypted.  So it'll be marginally slower, but
it shouldn't matter much.)

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen
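
The fallback described in this message, modelled as an added example (it is not Gnus code and not part of the original post): the client upgrades when it can and otherwise stays unencrypted, shown beside a stricter setting that refuses to continue. The reply codes 101, 382 and 580 come from the NNTP specifications (RFC 3977, RFC 4642); `negotiate`, the `policy` argument and its `require` value are hypothetical names, and the server replies are constructed.

```python
from dataclasses import dataclass

# Constructed CAPABILITIES reply from a server that announces STARTTLS.
CAPS = ["101 Capability list:", "VERSION 2", "READER", "STARTTLS", "."]

@dataclass
class Outcome:
    encrypted: bool   # True once the stream is wrapped in TLS
    proceed: bool     # False means the client drops the connection
    reason: str

def parse_capabilities(lines):
    """Return the capability labels from a 101 reply, or an empty set."""
    if not lines or not lines[0].startswith("101"):
        return set()
    caps = set()
    for line in lines[1:]:
        if line == ".":          # end of the multi-line reply
            break
        if line.strip():
            caps.add(line.split()[0].upper())
    return caps

def negotiate(cap_lines, starttls_reply, handshake_ok, policy="opportunistic"):
    """Decide the connection state after an attempted STARTTLS upgrade.

    'opportunistic' keeps the connection in plaintext on any failure, which
    is the behaviour the message describes.  'require' is a hypothetical
    strict setting that refuses to continue unencrypted.
    """
    if policy not in ("opportunistic", "require"):
        raise ValueError("unknown policy: " + policy)
    if "STARTTLS" not in parse_capabilities(cap_lines):
        failure = "server did not announce STARTTLS"
    elif not starttls_reply.startswith("382"):
        # e.g. 580: TLS compiled in, but no usable certificates
        failure = "server refused STARTTLS (" + starttls_reply[:3] + ")"
    elif not handshake_ok:
        failure = "TLS handshake failed"
    else:
        return Outcome(True, True, "upgraded to TLS")
    # The client cannot tell a misconfigured server from a reply altered
    # in transit, so the two policies differ only in what happens next.
    if policy == "require":
        return Outcome(False, False, failure)
    return Outcome(False, True, failure + "; continuing unencrypted")
```

With the opportunistic policy every failure path ends with `proceed=True, encrypted=False`, so whether a session was actually encrypted has to be read from the outcome rather than inferred from the server's capability list.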