From 588f5c2b186fb031323ee226aa8d28b0f9deccc9 Mon Sep 17 00:00:00 2001
From: Katsumi Yamaoka
Date: Thu, 31 Dec 2015 00:10:30 +0000
Subject: [PATCH] tls.el: Revert last change, that works on only Emacs 25.1
---
 lisp/ChangeLog | 11 -----------
 lisp/tls.el | 24 ++++++++++++------------
 2 files changed, 12 insertions(+), 23 deletions(-)
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 21e3a632c..dcbb75572 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,14 +1,3 @@
-2015-12-29 Lars Ingebrigtsen
-
- Remove --insecure from gnutls-cli invocation;
- make tls.el use trustfiles by default
-
- * tls.el (tls-program):
- Default to using secure TLS connections (bug#19284);
- add a certfile by default (bug#21227).
- (open-tls-stream):
- Insert the trustfile by looking at `gnutls-trustfiles'.
-
 2015-12-28 Katsumi Yamaoka
 * mml-sec.el (mml-secure-bcc-is-safe):
diff --git a/lisp/tls.el b/lisp/tls.el
index 72fb50ed9..48e6a4218 100644
--- a/lisp/tls.el
+++ b/lisp/tls.el
@@ -44,8 +44,6 @@
 ;;; Code:
-(require 'gnutls)
-
 (autoload 'format-spec "format-spec")
 (autoload 'format-spec-make "format-spec")
@@ -76,10 +74,9 @@ and `gnutls-cli' (version 2.0.1) output."
 :type 'regexp
 :group 'tls)
-(defcustom tls-program
- '("gnutls-cli --x509cafile %t -p %p %h"
- "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
- "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
+(defcustom tls-program '("gnutls-cli --insecure -p %p %h"
+ "gnutls-cli --insecure -p %p %h --protocols ssl3"
+ "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
 "List of strings containing commands to start TLS stream to a host.
 Each entry in the list is tried until a connection is successful.
 %h is replaced with server hostname, %p with port to connect to.
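Review bot: The restored default for `tls-program` in the -76,10 hunk passes `--insecure` to both `gnutls-cli` entries, so the server certificate is not verified out of the box and an on-path host can impersonate the server; the same list is repeated as the `:type` default and the `:value` in the -92,17 hunk. If the only obstacle is that `gnutls-trustfiles` is available only in Emacs 25.1, as the subject suggests, the `%t` entries could stay behind `(fboundp 'gnutls-trustfiles)` with the `--insecure` list as the fallback, and the `?t` spec removed in the -231,7 hunk guarded the same way. If the full revert stays, the docstring should gain a sentence such as `The default commands do not verify the server certificate; see tls-checktrust.` The second entry's `--protocols ssl3` fallback is also worth dropping from a default list, since SSLv3 was deprecated by RFC 7568. The defcustom continues outside the hunk.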
@@ -92,17 +89,21 @@ successful negotiation."
 :type
 '(choice
 (const :tag "Default list of commands"
- ("gnutls-cli --x509cafile %t -p %p %h"
- "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
- "openssl s_client -CAfile %t -connect %h:%p -no_ssl2 -ign_eof"))
+ ("gnutls-cli --insecure -p %p %h"
+ "gnutls-cli --insecure -p %p %h --protocols ssl3"
+ "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
 (list :tag "Choose commands"
 :value
- ("gnutls-cli --x509cafile %t -p %p %h"
- "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
+ ("gnutls-cli --insecure -p %p %h"
+ "gnutls-cli --insecure -p %p %h --protocols ssl3"
 "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
 (set :inline t
 ;; FIXME: add brief `:tag "..."' descriptions.
 ;; (repeat :inline t :tag "Other" (string))
+ ;; See `tls-checktrust':
+ (const "gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h")
+ (const "gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3")
+ (const "openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof")
 ;; No trust check:
 (const "gnutls-cli --insecure -p %p %h")
 (const "gnutls-cli --insecure -p %p %h --protocols ssl3")
@@ -231,7 +232,6 @@ Fourth arg PORT is an integer specifying a port to connect to."
 (format-spec
 cmd
 (format-spec-make
- ?t (car (gnutls-trustfiles))
 ?h host
 ?p (if (integerp port)
 (int-to-string port)
-- 
2.25.1
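Review bot: The three trust-checking choices added in the -92,17 hunk hard-code `/etc/ssl/certs/ca-certificates.crt`, a Debian-style location that is not present on every system, so picking one of them elsewhere gives a command that cannot load its CA bundle. They also appear to depend on `tls-checktrust` being enabled, which the comment above them only hints at. That comment would be clearer as `;; Verify against a CA bundle: adjust the path for your system and enable tls-checktrust.` The `(set :inline t` form opens inside the hunk but closes outside it.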