tls.el: Revert last change, that works on only Emacs 25.1

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 21e3a63..dcbb755 100644 (file)
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,14 +1,3 @@
-2015-12-29  Lars Ingebrigtsen  <larsi@gnus.org>
-
-       Remove --insecure from gnutls-cli invocation;
-       make tls.el use trustfiles by default
-
-       * tls.el (tls-program):
-       Default to using secure TLS connections (bug#19284);
-       add a certfile by default (bug#21227).
-       (open-tls-stream):
-       Insert the trustfile by looking at `gnutls-trustfiles'.
-

 2015-12-28  Katsumi Yamaoka  <yamaoka@jpl.org>
 
        * mml-sec.el (mml-secure-bcc-is-safe):
 2015-12-28  Katsumi Yamaoka  <yamaoka@jpl.org>
 
        * mml-sec.el (mml-secure-bcc-is-safe):

diff --git a/lisp/tls.el b/lisp/tls.el
index 72fb50e..48e6a42 100644 (file)
--- a/lisp/tls.el
+++ b/lisp/tls.el
@@ -44,8 +44,6 @@
 
 ;;; Code:
 
 
 ;;; Code:
 

-(require 'gnutls)
-

 (autoload 'format-spec "format-spec")
 (autoload 'format-spec-make "format-spec")
 
 (autoload 'format-spec "format-spec")
 (autoload 'format-spec-make "format-spec")
 


@@ -76,10 +74,9 @@ and `gnutls-cli' (version 2.0.1) output."
   :type 'regexp
   :group 'tls)
 
   :type 'regexp
   :group 'tls)
 

-(defcustom tls-program
-  '("gnutls-cli --x509cafile %t -p %p %h"
-    "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
-    "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
+(defcustom tls-program '("gnutls-cli --insecure -p %p %h"
+                        "gnutls-cli --insecure -p %p %h --protocols ssl3"
+                        "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")

   "List of strings containing commands to start TLS stream to a host.
 Each entry in the list is tried until a connection is successful.
 %h is replaced with server hostname, %p with port to connect to.
   "List of strings containing commands to start TLS stream to a host.
 Each entry in the list is tried until a connection is successful.
 %h is replaced with server hostname, %p with port to connect to.


@@ -92,17 +89,21 @@ successful negotiation."
   :type
   '(choice
     (const :tag "Default list of commands"
   :type
   '(choice
     (const :tag "Default list of commands"

-          ("gnutls-cli --x509cafile %t -p %p %h"
-           "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
-           "openssl s_client -CAfile %t -connect %h:%p -no_ssl2 -ign_eof"))
+          ("gnutls-cli --insecure -p %p %h"
+           "gnutls-cli --insecure -p %p %h --protocols ssl3"
+           "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))

     (list :tag "Choose commands"
          :value
     (list :tag "Choose commands"
          :value

-         ("gnutls-cli --x509cafile %t -p %p %h"
-          "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
+         ("gnutls-cli --insecure -p %p %h"
+          "gnutls-cli --insecure -p %p %h --protocols ssl3"

           "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
          (set :inline t
               ;; FIXME: add brief `:tag "..."' descriptions.
               ;; (repeat :inline t :tag "Other" (string))
           "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
          (set :inline t
               ;; FIXME: add brief `:tag "..."' descriptions.
               ;; (repeat :inline t :tag "Other" (string))

+              ;; See `tls-checktrust':
+              (const "gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h")
+              (const "gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3")
+              (const "openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof")

               ;; No trust check:
               (const "gnutls-cli --insecure -p %p %h")
               (const "gnutls-cli --insecure -p %p %h --protocols ssl3")
               ;; No trust check:
               (const "gnutls-cli --insecure -p %p %h")
               (const "gnutls-cli --insecure -p %p %h --protocols ssl3")


@@ -231,7 +232,6 @@ Fourth arg PORT is an integer specifying a port to connect to."
               (format-spec
                cmd
                (format-spec-make
               (format-spec
                cmd
                (format-spec-make

-                 ?t (car (gnutls-trustfiles))

                 ?h host
                 ?p (if (integerp port)
                        (int-to-string port)
                 ?h host
                 ?p (if (integerp port)
                        (int-to-string port)