X-Git-Url: http://cgit.sxemacs.org/?p=gnus;a=blobdiff_plain;f=lisp%2Ftls.el;h=6abb0483d52d849910c95fc9c64a46ca64effc61;hp=275e10e0f563b78178df489e7ce636dde8c8e2eb;hb=54b3844ec0d9b1fd25b4f00f927853ff72ba5274;hpb=e9a458f0f737829c8c43ed1cbd4b4dcf0f833852
diff --git a/lisp/tls.el b/lisp/tls.el
index 275e10e0f..6abb0483d 100644
--- a/lisp/tls.el
+++ b/lisp/tls.el
@@ -1,7 +1,6 @@
 ;;; tls.el --- TLS/SSL support via wrapper around GnuTLS
-;; Copyright (C) 1996, 1997, 1998, 1999, 2002, 2003, 2004, 2005, 2006,
-;; 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+;; Copyright (C) 1996-1999, 2002-2014 Free Software Foundation, Inc.
 ;; Author: Simon Josefsson
 ;; Keywords: comm, tls, gnutls, ssl
@@ -77,12 +76,11 @@ and `gnutls-cli' (version 2.0.1) output."
 (defcustom tls-program
 '("gnutls-cli --insecure -p %p %h"
 "gnutls-cli --insecure -p %p %h --protocols ssl3"
- "openssl s_client %s -connect %h:%p -no_ssl2 -ign_eof")
+ "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
 "List of strings containing commands to start TLS stream to a host.
 Each entry in the list is tried until a connection is successful.
 %h is replaced with server hostname, %p with port to connect to.
-The program should read input on stdin and write output to
-stdout.
+The program should read input on stdin and write output to stdout.
 See `tls-checktrust' on how to check trusted root certs.
@@ -90,10 +88,14 @@ Also see `tls-success' for what the program should output after
 successful negotiation."
 :type '(choice
+ (const :tag "Default list of commands"
+ ("gnutls-cli --insecure -p %p %h"
+ "gnutls-cli --insecure -p %p %h --protocols ssl3"
+ "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
 (list :tag "Choose commands"
 :value
- ("gnutls-cli -p %p %h"
- "gnutls-cli -p %p %h --protocols ssl3"
+ ("gnutls-cli --insecure -p %p %h"
+ "gnutls-cli --insecure -p %p %h --protocols ssl3"
 "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
 (set :inline t
 ;; FIXME: add brief `:tag "..."' descriptions.
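Review bot: The default `tls-program' commands placed first in the `:type' choice at `@@ -90,10 +88,14 @@` run gnutls-cli with `--insecure` and openssl without any `-CAfile`, so the wrappers themselves never refuse an unverified server certificate; whether anything is checked depends entirely on `tls-checktrust' parsing the wrapper output, yet neither the `:tag "Default list of commands"` entry nor the docstring rewritten in the `@@ -77,12 +76,11 @@` hunk says so. The `;; FIXME` at the end of the hunk already records that the individual entries carry no tag, so a Customize user cannot tell the verifying and non-verifying command sets apart. I would change the tag to `(const :tag "Default list of commands (no certificate verification by the wrapper)"` and add to the docstring, after the `%h'/`%p' sentence, `The default commands do not enforce certificate verification; see `tls-checktrust'.` The defcustom continues past the end of both hunks.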
@@ -103,14 +105,10 @@ successful negotiation."
 (const "gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3")
 (const "openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof")
 ;; No trust check:
- (const "gnutls-cli -p %p %h")
- (const "gnutls-cli -p %p %h --protocols ssl3")
+ (const "gnutls-cli --insecure -p %p %h")
+ (const "gnutls-cli --insecure -p %p %h --protocols ssl3")
 (const "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
 (repeat :inline t :tag "Other" (string)))
- (const :tag "Default list of commands"
- ("gnutls-cli -p %p %h"
- "gnutls-cli -p %p %h --protocols ssl3"
- "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
 (list :tag "List of commands"
 (repeat :tag "Command" (string))))
 :version "22.1"
@@ -124,7 +122,7 @@ successful negotiation."
 (defcustom tls-success "- Handshake was completed\\|SSL handshake has read "
 "Regular expression indicating completed TLS handshakes.
-The default is what GNUTLS's \"gnutls-cli\" or OpenSSL's
+The default is what GnuTLS's \"gnutls-cli\" or OpenSSL's
 \"openssl s_client\" outputs."
 :version "22.1"
 :type 'regexp
@@ -151,7 +149,7 @@ consider trustworthy, e.g.:
 (defcustom tls-untrusted
 "- Peer's certificate is NOT trusted\\|Verify return code: \\([^0] \\|.[^ ]\\)"
 "Regular expression indicating failure of TLS certificate verification.
-The default is what GNUTLS's \"gnutls-cli\" or OpenSSL's
+The default is what GnuTLS's \"gnutls-cli\" or OpenSSL's
 \"openssl s_client\" return in the event of unsuccessful
 verification."
 :type 'regexp
@@ -169,8 +167,8 @@ this to nil if you want to ignore host name mismatches."
 :version "23.1" ;; No Gnus
 :group 'tls)
-(defcustom tls-certtool-program (executable-find "certtool")
- "Name of GnuTLS certtool.
+(defcustom tls-certtool-program "certtool"
+ "Name of GnuTLS certtool.
 Used by `tls-certificate-information'."
 :version "22.1"
 :type 'string
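Review bot: Changing the `tls-certtool-program` default at `@@ -169,8 +167,8 @@` from `(executable-find "certtool")` to the bare name `"certtool"` means a missing certtool is no longer visible as a nil value; the name is now looked up through `exec-path' whenever the program is run instead of once at load time. Any caller that tested the variable for nil (presumably `tls-certificate-information', which the docstring names but which is outside this diff) will now attempt to run a program that may not exist, so the existence check belongs at the call site, e.g. `(unless (executable-find tls-certtool-program) (error "certtool not found: %s" tls-certtool-program))`. The new default does at least satisfy the declared `:type 'string`, which the old nil result could not. The docstring could say so: `The name is looked up via `exec-path' when the program is run.`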
@@ -232,16 +230,11 @@ Fourth arg PORT is an integer specifying a port to connect to."
 ?h host
 ?p (if (integerp port)
 (int-to-string port)
- port))))
- response)
+ port)))))
 (message "Opening TLS connection with `%s'..." formatted-cmd)
 (setq process (start-process name buffer shell-file-name
 shell-command-switch formatted-cmd))
- (funcall (if (fboundp 'set-process-query-on-exit-flag)
- 'set-process-query-on-exit-flag
- 'process-kill-without-query)
- process nil)
 (while (and process (memq (process-status process) '(open run))
 (progn
@@ -292,7 +285,10 @@ NOT trusted. Accept anyway? " host)))))
 (format "Host name in certificate doesn't \
 match `%s'. Connect anyway? " host))))))
 (setq done nil)
- (delete-process process)))
+ (delete-process process))
+ ;; Delete all the informational messages that could confuse
+ ;; future uses of `buffer'.
+ (delete-region (point-min) (point)))
 (message "Opening TLS connection to `%s'...%s" host
 (if done "done" "failed"))
 (when use-temp-buffer
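Review bot: Removing the `set-process-query-on-exit-flag`/`process-kill-without-query` call at `@@ -232,16 +230,11 @@` leaves the wrapper process created by `start-process` with the default query flag, so Emacs will prompt about the live TLS connection on exit unless the flag is now set somewhere outside this diff; the hunk offers no replacement. If the intent was only to drop the pre-`set-process-query-on-exit-flag` fallback, keeping the modern call is enough: `(set-process-query-on-exit-flag process nil)` directly after the `setq process` form. The `response` local removed alongside it appears unused in the visible lines, so that part is fine. The enclosing `while` loop and the function continue past the end of the hunk.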
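Review bot: The added `(delete-region (point-min) (point))` at `@@ -292,7 +285,10 @@` deletes up to wherever point was left by the regexp searches in the loop above, which lie outside the hunk, so the end of the deleted region is not defined by this code: after a `tls-success` match point is presumably just past that match, and on the failure path it is wherever the last `tls-untrusted`/`tls-hostmismatch` search stopped. Any server bytes that arrived together with the handshake banner and sit before point would be discarded along with the informational text, and the deletion also runs after `delete-process` on the failure path. I would record the end of the `tls-success` match explicitly and delete only up to it, and wrap the call as `(when done (delete-region (point-min) handshake-end))`; that touches lines outside the hunk as well. The function continues after `(when use-temp-buffer`.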