Only do opportunistic STARTTLS upgrades if we have built-in TLS support.

It's too brittle otherwise.

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 83930a3..2319ef7 100644 (file)
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -4,6 +4,8 @@
        TLS upgrades we don't really care about the identity of the peer.
        (proto-stream-open-network): Force starttls.el to use gnutls-cli, since
        that what we've checked for.
+       (proto-stream-always-use-starttls): Only default to t if
+       open-gnutls-stream exists.
 
        * nntp.el (nntp-open-connection): Report what the connection error is.
 
@@ -44,10 +46,10 @@
 
        * nntp.el (nntp-open-connection): Use proto-streams for the relevant
        connections types.
-       (nntp-open-network-stream): Removed.
-       (nntp-open-ssl-stream): Removed.
-       (nntp-open-tls-stream): Removed.
-       (nntp-ssl-program): Removed.
+       (nntp-open-network-stream): Remove.
+       (nntp-open-ssl-stream): Remove.
+       (nntp-open-tls-stream): Remove.
+       (nntp-ssl-program): Remove.
 
        * nnimap.el (nnimap-open-connection): Check for "OK" from the greeting.
 

diff --git a/lisp/proto-stream.el b/lisp/proto-stream.el
index eb112ae..6f4b019 100644 (file)
--- a/lisp/proto-stream.el
+++ b/lisp/proto-stream.el
@@ -54,7 +54,7 @@
 (require 'starttls)
 (require 'format-spec)
 
-(defcustom proto-stream-always-use-starttls t
+(defcustom proto-stream-always-use-starttls (fboundp 'open-gnutls-stream)
   "If non-nil, always try to upgrade network connections with STARTTLS."
   :version "24.1"
   :type 'boolean