When doing opportunistic TLS upgrades we don't really care about the identity of...
authorLars Magne Ingebrigtsen <larsi@quimbies.gnus.org>
Sun, 28 Nov 2010 02:10:13 +0000 (03:10 +0100)
committerLars Magne Ingebrigtsen <larsi@quimbies.gnus.org>
Sun, 28 Nov 2010 02:10:13 +0000 (03:10 +0100)
lisp/ChangeLog
lisp/nntp.el
lisp/proto-stream.el

index 102b5b5..c246461 100644 (file)
@@ -1,5 +1,10 @@
 2010-11-28  Lars Magne Ingebrigtsen  <larsi@gnus.org>
 
+       * proto-stream.el (proto-stream-open-network): When doing opportunistic
+       TLS upgrades we don't really care about the identity of the peer.
+
+       * nntp.el (nntp-open-connection): Report what the connection error is.
+
        * proto-stream.el (open-protocol-stream): Renamed from
        open-proto-stream.
 
index a90b171..c020610 100644 (file)
@@ -1262,7 +1262,7 @@ password contained in '~/.nntp-authinfo'."
                `(lambda ()
                   (nntp-kill-buffer ,pbuffer)))))
         (process
-         (condition-case ()
+         (condition-case err
              (let ((coding-system-for-read nntp-coding-system-for-read)
                    (coding-system-for-write nntp-coding-system-for-write)
                    (map '((nntp-open-network-stream network)
@@ -1281,7 +1281,8 @@ password contained in '~/.nntp-authinfo'."
                                nil
                              "STARTTLS\r\n"))))
                  (funcall nntp-open-connection-function pbuffer)))
-           (error nil)
+           (error
+            (nnheader-report 'nntp "%s" err))
            (quit
             (message "Quit opening connection to %s" nntp-address)
             (nntp-kill-buffer pbuffer)
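Review bot: The new `(nnheader-report 'nntp "%s" err)` on the `error` branch formats the whole condition object, so the status string becomes the raw list (symbol plus data) rather than a readable message; use `(nnheader-report 'nntp "%s" (error-message-string err))` so the report reads the way the `quit` branch's message does. Since nnheader-report returns nil (as far as I recall from nnheader.el), `process` is still nil on failure, so the behaviour of the surrounding binding is unchanged apart from the report. The enclosing `let*` of nntp-open-connection starts and ends outside the hunk.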
index b50e4bc..d3c373d 100644 (file)
@@ -109,6 +109,7 @@ command to switch on STARTTLS otherwise."
         (stream (open-network-stream name buffer host service))
         (capability-command (cadr (memq :capability-command parameters)))
         (eoc (proto-stream-eoc parameters))
+        (type (cadr (memq :type parameters)))
         (greeting (proto-stream-get-response stream start eoc)))
     (if (not capability-command)
        (list stream greeting nil)
@@ -119,11 +120,12 @@ command to switch on STARTTLS otherwise."
                       capabilities)))
        (cond
         ((or (not starttls-command)
-             (not proto-stream-always-use-starttls))
+             (and (not (eq type 'starttls))
+                  (not proto-stream-always-use-starttls)))
          ;; If this server doesn't support STARTTLS, but we have
          ;; requested it explicitly, then close the connection and
          ;; return nil.
-         (if (eq (cadr (memq :type parameters)) 'starttls)
+         (if (eq type 'starttls)
              (progn
                (delete-process stream)
                nil)
@@ -133,7 +135,15 @@ command to switch on STARTTLS otherwise."
              (executable-find "gnutls-cli"))
          (unless (fboundp 'open-gnutls-stream)
            (delete-process stream)
-           (setq stream (starttls-open-stream name buffer host service))
+           (let ((starttls-extra-arguments
+                  (if (and starttls-use-gnutls
+                           (not (eq type 'starttls)))
+                      ;; When doing opportunistic TLS upgrades we
+                      ;; don't really care about the identity of the
+                      ;; peer.
+                      (cons "--insecure" starttls-extra-arguments)
+                    starttls-extra-arguments)))
+             (setq stream (starttls-open-stream name buffer host service)))
            (proto-stream-get-response stream start eoc))
          (proto-stream-command stream starttls-command eoc)
          (if (fboundp 'open-gnutls-stream)
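Review bot: The `--insecure` argument added at L71-L79 turns off certificate verification on the gnutls-cli path, but nothing records or surfaces that the resulting stream is unauthenticated, so callers of proto-stream-open-network get the same return shape for a verified connection and for one that any active intermediary presenting its own certificate would pass. At minimum the comment should state the consequence rather than only the motivation, e.g. `;; Opportunistic upgrade: the peer certificate is NOT verified, so this protects against passive observation only; an active man-in-the-middle is not detected here.`, and a `(message "Opportunistic STARTTLS to %s: peer certificate not verified" host)` (or a return-value flag) would let users and callers tell the two cases apart. The `open-gnutls-stream` branch that begins at the last hunk line is untouched, so the two backends presumably now differ in whether they verify the peer on the opportunistic path; that is worth a note in the docstring of proto-stream-open-network, which lies outside the hunk. The `let` form closes within the hunk, but the enclosing `cond` clause and the function continue past it.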