GNU bug report logs - #23759
25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: emacs; Reported by: flitterio@HIDDEN (Francis Litterio); Keywords: security; dated Sun, 12 Jun 2016 21:35:02 UTC; Maintainer for emacs is bug-gnu-emacs@HIDDEN.

Message received at 23759 <at> debbugs.gnu.org:


Received: (at 23759) by debbugs.gnu.org; 5 Jul 2016 17:59:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jul 05 13:59:48 2016
Received: from localhost ([127.0.0.1]:38574 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bKUdP-0000YT-SC
	for submit <at> debbugs.gnu.org; Tue, 05 Jul 2016 13:59:48 -0400
Received: from mail-oi0-f47.google.com ([209.85.218.47]:33709)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <npostavs@HIDDEN>) id 1bKUdN-0000YG-U3
 for 23759 <at> debbugs.gnu.org; Tue, 05 Jul 2016 13:59:46 -0400
Received: by mail-oi0-f47.google.com with SMTP id u201so239559109oie.0
 for <23759 <at> debbugs.gnu.org>; Tue, 05 Jul 2016 10:59:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:sender:in-reply-to:references:from:date:message-id
 :subject:to:cc;
 bh=eA98bN4BMezVbnvwJIrtUDiSsuSE5smYqDK563IYf8c=;
 b=AqUZXJCI47PexTXyrdWL7esl7TQu/QGbPvjPpy1ITwRmERpVWVA0vVOtBBDugVRYjQ
 fAyywQ3MBzIXa4Y1TyrGw9RgMn2g38BA5gnTJ+0c0IUejJkgljYNcZgGGyjUDU7swXpw
 332Q4QJ7ApRZecmqGXd1wNVlN7x0n9hr5y64tNOD7/ERIBp+vi1z8I0dzNLLZUm5KByO
 wGZTtKGE6NQx/Lh2MtpLWfMocZe33RU5LD0XCp8AxP8ljIugufClCMrZYfvg49IlwRdS
 X1eOOUg/NPbHwHmvlnvb9xMJHzwlWY0q1ealpM/tXoFD17XKNCmCkWYeXWlaLYazMeLA
 CuJw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
 :date:message-id:subject:to:cc;
 bh=eA98bN4BMezVbnvwJIrtUDiSsuSE5smYqDK563IYf8c=;
 b=Dxw2GwZxvglPib0ilyjBEvcQHu1vbyDnOsJ41tiSm5nm7ESBhDel66tQhhw/7FVzlk
 s2caOhEDYphB0ccQpZFzRZJSmPKT/q6/uOcL8ihpoq++KCTqQoLzm6ARF+rdC9gTcg6t
 cx5fkiKpC+3FAQofdvpoY6e0wiWn0FrwiXERqxZyCGXs36yz7KCf98r8mIEShYUNMJFG
 jUa4iJZuO4SYnPFRooZHBb7Q4IpS5ohYp3vdjw0P16ROEspcpnPtrhDrRZPYgVqxSbux
 JjU9SxginA8eABLaL9DPnc7owh7SQZEj2h2uPLJRUE6ZV3CP6FmYWN/njME/LcCb1BPB
 O3aA==
X-Gm-Message-State: ALyK8tKYuxYPVK66dtYbPzkqffwz5W5PVZEde2XNMxRJh+2s3cSZUJLmkv3Qrco/sVZ5F1TOyU00avN4sG0yOQ==
X-Received: by 10.202.5.193 with SMTP id 184mr9462377oif.143.1467741580476;
 Tue, 05 Jul 2016 10:59:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.4.197 with HTTP; Tue, 5 Jul 2016 10:59:39 -0700 (PDT)
In-Reply-To: <CAH+LVpmi6w=dyOcwYSn1_4uAKkKb3GD76nAbUdyjRxrDVhjAEw@HIDDEN>
References: <87y46ahz23.fsf@HIDDEN>
 <CAH+LVpk1DoqS5mdOX9-5YZ6RqntM+4+UQC9BPhwAZmAb=n6zWA@HIDDEN>
 <87wpl0gnjf.fsf@HIDDEN>
 <CAM-tV-80k9Ue7ECvd_vzoYzuFYLT6amf1MSQzcn1XVYVPNByhQ@HIDDEN>
 <CAH+LVpmi6w=dyOcwYSn1_4uAKkKb3GD76nAbUdyjRxrDVhjAEw@HIDDEN>
From: Noam Postavsky <npostavs@HIDDEN>
Date: Tue, 5 Jul 2016 13:59:39 -0400
X-Google-Sender-Auth: lQR_6x82Z0pYhEDzLF2qfDYRRFE
Message-ID: <CAM-tV-_soda28sOBr-9Dq6fyVRBN-GzL6-VVWz45NOJ5fPzhTw@HIDDEN>
Subject: Re: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed
 gnutls-cli command if trusted cert files don't exist
To: Konstantin Kliakhandler <kosta@HIDDEN>
Content-Type: text/plain; charset=UTF-8
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 23759
Cc: 23759 <at> debbugs.gnu.org, Ted Zlatanov <tzz@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

On Tue, Jul 5, 2016 at 12:54 PM, Konstantin Kliakhandler
<kosta@HIDDEN> wrote:
> From what both of you said, I still am not sure what is meant by "native
> support". However, for various reasons I don't like the version provided in
> homebrew. I prefer the version from https://emacsformacosx.com. Noam, is
> this "one of the pre-built binary packages" you were referring to, or did
> you mean something else? How will I know that the libraries are being used?
> Finally, is there a way to test them explicitly?

If evaluating (gnutls-available-p) returns t, then you are using the
gnutls library (if the function is undefined then your Emacs is not
compiled with libgnutls support). And if you hit bug 22929/23225/23503
then you might notice by seeing that https doesn't work :(
I don't run OSX (Ted was the one mentioning "pre-built binary
packages"), so I can't say much more than that.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#23759; Package emacs. Full text available.

Message received at 23759 <at> debbugs.gnu.org:


Received: (at 23759) by debbugs.gnu.org; 5 Jul 2016 16:55:22 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jul 05 12:55:21 2016
Received: from localhost ([127.0.0.1]:38511 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bKTd3-0007Ro-Fu
	for submit <at> debbugs.gnu.org; Tue, 05 Jul 2016 12:55:21 -0400
Received: from mail-it0-f47.google.com ([209.85.214.47]:35428)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <kosta@HIDDEN>) id 1bKTd1-0007RF-5f
 for 23759 <at> debbugs.gnu.org; Tue, 05 Jul 2016 12:55:20 -0400
Received: by mail-it0-f47.google.com with SMTP id j185so55155949ith.0
 for <23759 <at> debbugs.gnu.org>; Tue, 05 Jul 2016 09:55:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=slumpy-org.20150623.gappssmtp.com; s=20150623;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=exm9se0cfymYG17KU3V4rbSgJkOkQPxjb1guAFThKTY=;
 b=lToudfS1590ozs/D8xx4rwy+UvRfFNkuJRjSlih3A3VGBsVHEoPHue2sXqBHiRNbYL
 m1o/nL6+761lBauyzgraCA1uvmYrUnaoAn5/fL0pEkZkBC54ttkuKLrczrz7+MWkhTzE
 95rQHCuU28ATPU9WXs2h2Ww0hbOMl9RiVrT0H1wu1OOCjZu2sDn5H6nv2o0dxC7pw9zR
 dwEn8/61z3KHCtAfgPCxoB5WlChhANEksgewSQKPQJJbEeTeFrHCik5aHBuXPL7QW13I
 5L1sEIn6fOnnOLeOzb5O/ujgxuVnXKpfYCPfWMEzGNDur6S98PuP2KQk57GjljvEoR1+
 UVCA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=exm9se0cfymYG17KU3V4rbSgJkOkQPxjb1guAFThKTY=;
 b=Wj1TvXa2Mtk85/DACoUXkm6e0ZLjNhMC+LS+J+JqSmJPsgBq+Wg0hN7iCVwOzK6s1h
 qfc0Zywfezbl0oa+Yv1DEcOcOrvZdrqeIjJVi6SdTfMPink/Nq8faV+GEeNlFpSzxAEf
 ZDjDI92Jxp8M3SJJS5ufKksd8NF4vll0T3CLSmCaVAe3YfguPKyr2Ds2aGwjTQXW366e
 2RXlgF3aM2sbD1Q3nQAXdODkaA+Bk6s2SH4BgI8lWUFAEA3v85FA3cMHJ74VzrvxpjSS
 FEP5AA440MySSBB+Bf0TvM32uV8VeQV+AT+pcwGW2SUJ+QzLz4uJ7nr28kBfYnBU94Kr
 bqag==
X-Gm-Message-State: ALyK8tIP2pCNd1pqNneNSe1nGfJkBhxpCvgj8KoW5iBbDyve1YlrmypHKrYg9PR0qJJUHB0YoYSsqAb1K3RPQzHE
X-Received: by 10.36.16.197 with SMTP id 188mr7236651ity.88.1467737713357;
 Tue, 05 Jul 2016 09:55:13 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.136.216 with HTTP; Tue, 5 Jul 2016 09:54:53 -0700 (PDT)
In-Reply-To: <CAM-tV-80k9Ue7ECvd_vzoYzuFYLT6amf1MSQzcn1XVYVPNByhQ@HIDDEN>
References: <87y46ahz23.fsf@HIDDEN>
 <CAH+LVpk1DoqS5mdOX9-5YZ6RqntM+4+UQC9BPhwAZmAb=n6zWA@HIDDEN>
 <87wpl0gnjf.fsf@HIDDEN>
 <CAM-tV-80k9Ue7ECvd_vzoYzuFYLT6amf1MSQzcn1XVYVPNByhQ@HIDDEN>
From: Konstantin Kliakhandler <kosta@HIDDEN>
Date: Tue, 5 Jul 2016 19:54:53 +0300
Message-ID: <CAH+LVpmi6w=dyOcwYSn1_4uAKkKb3GD76nAbUdyjRxrDVhjAEw@HIDDEN>
Subject: Re: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed
 gnutls-cli command if trusted cert files don't exist
To: Noam Postavsky <npostavs@HIDDEN>
Content-Type: multipart/mixed; boundary=001a1144405a07ee160536e6519b
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 23759
Cc: 23759 <at> debbugs.gnu.org, Ted Zlatanov <tzz@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

--001a1144405a07ee160536e6519b
Content-Type: multipart/alternative; boundary=001a1144405a07ee0f0536e65199

--001a1144405a07ee0f0536e65199
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi,

On 5 July 2016 at 17:49, Noam Postavsky <npostavs@HIDDEN>
wrote:
>
> I think gnutls is broken on master for OSX currently, see
> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D23503
>

When I do this, with my patch enabled, I get a buffer with:

Cache-Control: max-age=3D0
> Expires: Tue, 05 Jul 2016 14:58:42 GMT
> Content-Length: 3104
> Keep-Alive: timeout=3D3, max=3D100
> Connection: Keep-Alive
> Content-Type: text/html
> Content-Language: en
> ...


Of course, it would have worked even before the patch since currently
tls.el by default attempts two connections via gnutls-tls and then tries
via openssl s_client, which always worked for me (at least for ERC).

On 5 July 2016 at 17:36, Ted Zlatanov <tzz@HIDDEN> wrote:
>
>
> As you said, one of the key points of your patch is this:
>
> -  '("gnutls-cli --x509cafile %t -p %p %h"
> +  '("gnutls-cli -p %p %h"
> +    "gnutls-cli --x509cafile %t -p %p %h"
>

I wouldn't characterize it as "one of the key points" of my patch, and the
patch would work just as well if instead the line without --x509cafile was
at the bottom of the list. Well, it would work worse for some users, but
the key word is that it would work - except that now now it would take
several more attempts to connect on my computer and on OPs (instead of just
not connecting at all for OP).

Which replaces the specific call with a generic call (no CA file
> specified). This is probably less secure because it will use the system
> CA trustfiles regardless of the user's preferred `gnutls-trustfiles', so
> I'd rather not make it the first thing attempted.


Personally, I also think that the default as defined in my current patch is
preferable, since anyone who messes around with the certificates would edit
this variable e.g. to set there --strict-tofu or the like (I did. It is a
bit more annoying to use, but since I rarely open a new domain in emacs,
it's not a big deal). For everyone else, they trust their system CAs all
the time when they go online. Especially considering that the previous
default for this variable had "--insecure" in the arguments, I thought that
the priorities for the new setting was 1>2>3 "1. It is secure by default.
2. It works by default. 3. It is secure in edge cases", rather than 1>3>2.

Anyway, I do concede that the second version is more secure. Attached is a
patch that I hope is more to your liking. I put the the call that do not
use an explicit certificate at the bottom of the list, even below the call
to openssl s_client. I'm not sure what are the implications, as I don't
know the relative merits of openssl s_client vs gnutls-cli. If you are
inclined to educate me, please do as a short googling did not reveal the
answers.


> Once the libraries are installed, you're all set, they'll be used
> automatically.
>

From what both of you said, I still am not sure what is meant by "native
support". However, for various reasons I don't like the version provided in
homebrew. I prefer the version from https://emacsformacosx.com. Noam, is
this *"one of the pre-built binary packages"* you were referring to, or did
you mean something else? How will I know that the libraries are being used?
Finally, is there a way to test them explicitly? Anyway, it seems that the
version I got from the site above does not have built in gnutls:

system-configuration-features is a variable defined in =E2=80=98C source co=
de=E2=80=99.
Its value is "NOTIFY ACL LIBXML2 ZLIB TOOLKIT_SCROLL_BARS NS"
system-configuration-options is a variable defined in =E2=80=98C source cod=
e=E2=80=99.
Its value is
"--with-ns '--enable-locallisppath=3D/Library/Application
Support/Emacs/${version}/site-lisp:/Library/Application
Support/Emacs/site-lisp'

I'll build one myself and see if the results I get are any different.

Thanks for your time,
Kosta

--001a1144405a07ee0f0536e65199
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi,<div class=3D"gmail_extra"><div><div data-smartmail=3D"=
gmail_signature"><div dir=3D"ltr"><br></div></div></div><div class=3D"gmail=
_quote">On 5 July 2016 at 17:49, Noam Postavsky <span dir=3D"ltr">&lt;<a hr=
ef=3D"mailto:npostavs@HIDDEN" target=3D"_blank">npostavs@use=
rs.sourceforge.net</a>&gt;</span> wrote:<blockquote class=3D"gmail_quote" s=
tyle=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:so=
lid;border-left-color:rgb(204,204,204);padding-left:1ex">I think gnutls is =
broken on master for OSX currently, see<br>
<a href=3D"https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D23503" rel=3D"no=
referrer" target=3D"_blank">https://debbugs.gnu.org/cgi/bugreport.cgi?bug=
=3D23503</a><br>
</blockquote></div><br></div><div class=3D"gmail_extra">When I do this, wit=
h my patch enabled, I get a buffer with:</div><div class=3D"gmail_extra"><b=
r></div><div class=3D"gmail_extra"><blockquote class=3D"gmail_quote" style=
=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;=
border-left-color:rgb(204,204,204);padding-left:1ex">Cache-Control: max-age=
=3D0<br>Expires: Tue, 05 Jul 2016 14:58:42 GMT<br>Content-Length: 3104<br>K=
eep-Alive: timeout=3D3, max=3D100<br>Connection: Keep-Alive<br>Content-Type=
: text/html<br>Content-Language: en<br>...</blockquote><div><br></div><div>=
Of course, it would have worked even before the patch since currently tls.e=
l by default attempts two connections via gnutls-tls and then tries via ope=
nssl s_client, which always worked for me (at least for ERC).=C2=A0</div><d=
iv><br></div><div>On 5 July 2016 at 17:36, Ted Zlatanov=C2=A0<span dir=3D"l=
tr">&lt;<a href=3D"mailto:tzz@HIDDEN" target=3D"_blank">tzz@lifelogs.=
com</a>&gt;</span>=C2=A0wrote:<blockquote class=3D"gmail_quote" style=3D"ma=
rgin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border=
-left-color:rgb(204,204,204);padding-left:1ex"><br>As you said, one of the =
key points of your patch is this:<br><br>-=C2=A0 &#39;(&quot;gnutls-cli --x=
509cafile %t -p %p %h&quot;<br>+=C2=A0 &#39;(&quot;gnutls-cli -p %p %h&quot=
;<br>+=C2=A0 =C2=A0 &quot;gnutls-cli --x509cafile %t -p %p %h&quot;<br></bl=
ockquote><div><br></div><div>I wouldn&#39;t characterize it as &quot;one of=
 the key points&quot; of my patch, and the patch would work just as well if=
 instead the line without --x509cafile was at the bottom of the list. Well,=
 it would work worse for some users, but the key word is that it would work=
 - except that now now it would take several more attempts to connect on my=
 computer and on OPs (instead of just not connecting at all for OP).=C2=A0<=
/div><div><br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0=
px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-colo=
r:rgb(204,204,204);padding-left:1ex">Which replaces the specific call with =
a generic call (no CA file<br>specified). This is probably less secure beca=
use it will use the system<br>CA trustfiles regardless of the user&#39;s pr=
eferred `gnutls-trustfiles&#39;, so<br>I&#39;d rather not make it the first=
 thing attempted.</blockquote><div><br></div><div>Personally, I also think =
that the default as defined in my current patch is preferable, since anyone=
 who messes around with the certificates would edit this variable e.g. to s=
et there --strict-tofu or the like (I did. It is a bit more annoying to use=
, but since I rarely open a new domain in emacs, it&#39;s not a big deal). =
For everyone else, they trust their system CAs all the time when they go on=
line. Especially considering that the previous default for this variable ha=
d &quot;--insecure&quot; in the arguments, I thought that the priorities fo=
r the new setting was 1&gt;2&gt;3 &quot;1. It is secure by default. 2. It w=
orks by default. 3. It is secure in edge cases&quot;, rather than 1&gt;3&gt=
;2.=C2=A0</div><div><br></div><div>Anyway, I do concede that the second ver=
sion is more secure. Attached is a patch that I hope is more to your liking=
. I put the the call that do not use an explicit certificate at the bottom =
of the list, even below the call to openssl s_client. I&#39;m not sure what=
 are the implications, as I don&#39;t know the relative merits of openssl s=
_client vs gnutls-cli. If you are inclined to educate me, please do as a sh=
ort googling did not reveal the answers.</div><div>=C2=A0</div><blockquote =
class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1=
px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:=
1ex">Once the libraries are installed, you&#39;re all set, they&#39;ll be u=
sed<br>automatically.<br></blockquote><div>=C2=A0</div></div><div>From what=
 both of you said, I still am not sure what is meant by &quot;native suppor=
t&quot;. However, for various reasons I don&#39;t like the version provided=
 in homebrew. I prefer the version from <a href=3D"https://emacsformacosx.c=
om" target=3D"_blank">https://emacsformacosx.com</a>. Noam, is this=C2=A0<i=
>&quot;one of the pre-built binary packages&quot;</i>=C2=A0you were referri=
ng to, or did you mean something else? How will I know that the libraries a=
re being used? Finally, is there a way to test them explicitly? Anyway, it =
seems that the version I got from the site above does not have built in gnu=
tls:</div><div><br></div><div><div>system-configuration-features is a varia=
ble defined in =E2=80=98C source code=E2=80=99.</div><div>Its value is &quo=
t;NOTIFY ACL LIBXML2 ZLIB TOOLKIT_SCROLL_BARS NS&quot;</div></div><div><div=
>system-configuration-options is a variable defined in =E2=80=98C source co=
de=E2=80=99.</div><div>Its value is</div><div>&quot;--with-ns &#39;--enable=
-locallisppath=3D/Library/Application Support/Emacs/${version}/site-lisp:/L=
ibrary/Application Support/Emacs/site-lisp&#39;</div></div><div><br></div><=
div>I&#39;ll build one myself and see if the results I get are any differen=
t.</div><div><br></div><div>Thanks for your time,</div><div>Kosta</div></di=
v></div>

--001a1144405a07ee0f0536e65199--

--001a1144405a07ee160536e6519b
Content-Type: application/octet-stream; 
	name="0001-tls-Make-open-tls-stream-try-all-gnutls-trustfiles-a.patch"
Content-Disposition: attachment; 
	filename="0001-tls-Make-open-tls-stream-try-all-gnutls-trustfiles-a.patch"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_iq9oi4570

RnJvbSBkZWNjYmI1NGQ3ODRjYzIwYmY0NjA3MjQ5ODA3MTIzNWIwODc3OTViIE1vbiBTZXAgMTcg
MDA6MDA6MDAgMjAwMQpGcm9tOiBLb25zdGFudGluIEtsaWFraGFuZGxlciA8a29zdGFAc2x1bXB5
Lm9yZz4KRGF0ZTogU2F0LCAyIEp1bCAyMDE2IDAyOjQyOjMzICswMzAwClN1YmplY3Q6IFtQQVRD
SF0gdGxzOiBNYWtlIG9wZW4tdGxzLXN0cmVhbSB0cnkgYWxsIGdudXRscy10cnVzdGZpbGVzIGFu
ZCBzZXQKIGJldHRlciBkZWZhdWx0IHRscy1wcm9ncmFtCgpUaGlzIGZpeGVzIHRoZSBidWcgcmVw
b3J0ZWQgaW4gaHR0cHM6Ly9saXN0cy5nbnUub3JnL2FyY2hpdmUvaHRtbC9idWctZ251LWVtYWNz
LzIwMTYtMDYvbXNnMDA1NTMuaHRtbAoKKiBsaXNwL25ldC90bHMuZWwgKG9wZW4tdGxzLXN0cmVh
bSk6IEl0ZXJhdGUgb24gYWxsIGZvdW5kCiAgZ251dGxzLXRydXN0ZmlsZXMgaW5zdGVhZCBvZiBz
dGlja2luZyB3aXRoIHRoZSBmaXJzdCBvbmUgZm91bmQKCih0bHMtcHJvZ3JhbSk6IFNldCB0aGUg
ZGVmYXVsdCB0byBhIGxpc3QgdGhhdCBpbmNsdWRlcyBib3RoCmdudXRscy10cnVzdGZpbGVzIHN1
YnN0aXR1dGlvbiBhbmQgd2l0aG91dCBpdC4KLS0tCiBsaXNwL25ldC90bHMuZWwgfCAyMiArKysr
KysrKysrKysrKysrLS0tLS0tCiAxIGZpbGUgY2hhbmdlZCwgMTYgaW5zZXJ0aW9ucygrKSwgNiBk
ZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9saXNwL25ldC90bHMuZWwgYi9saXNwL25ldC90bHMu
ZWwKaW5kZXggZjEyMTlmZC4uYmMyMDY4NSAxMDA2NDQKLS0tIGEvbGlzcC9uZXQvdGxzLmVsCisr
KyBiL2xpc3AvbmV0L3Rscy5lbApAQCAtNzksNyArNzksMTAgQEAgYW5kIGBnbnV0bHMtY2xpJyAo
dmVyc2lvbiAyLjAuMSkgb3V0cHV0LiIKIChkZWZjdXN0b20gdGxzLXByb2dyYW0KICAgJygiZ251
dGxzLWNsaSAtLXg1MDljYWZpbGUgJXQgLXAgJXAgJWgiCiAgICAgImdudXRscy1jbGkgLS14NTA5
Y2FmaWxlICV0IC1wICVwICVoIC0tcHJvdG9jb2xzIHNzbDMiCi0gICAgIm9wZW5zc2wgc19jbGll
bnQgLWNvbm5lY3QgJWg6JXAgLW5vX3NzbDIgLWlnbl9lb2YiKQorICAgICJvcGVuc3NsIHNfY2xp
ZW50IC1DQWZpbGUgJXQgLWNvbm5lY3QgJWg6JXAgLW5vX3NzbDIgLWlnbl9lb2YiCisgICAgIm9w
ZW5zc2wgc19jbGllbnQgLWNvbm5lY3QgJWg6JXAgLW5vX3NzbDIgLWlnbl9lb2YiCisgICAgImdu
dXRscy1jbGkgLXAgJXAgJWgiKQorCiAgICJMaXN0IG9mIHN0cmluZ3MgY29udGFpbmluZyBjb21t
YW5kcyB0byBzdGFydCBUTFMgc3RyZWFtIHRvIGEgaG9zdC4KIEVhY2ggZW50cnkgaW4gdGhlIGxp
c3QgaXMgdHJpZWQgdW50aWwgYSBjb25uZWN0aW9uIGlzIHN1Y2Nlc3NmdWwuCiAlaCBpcyByZXBs
YWNlZCB3aXRoIHRoZSBzZXJ2ZXIgaG9zdG5hbWUsICVwIHdpdGggdGhlIHBvcnQgdG8KQEAgLTk1
LDEyICs5OCwxNiBAQCBzdWNjZXNzZnVsIG5lZ290aWF0aW9uLiIKICAgICAoY29uc3QgOnRhZyAi
RGVmYXVsdCBsaXN0IG9mIGNvbW1hbmRzIgogCSAgICgiZ251dGxzLWNsaSAtLXg1MDljYWZpbGUg
JXQgLXAgJXAgJWgiCiAJICAgICJnbnV0bHMtY2xpIC0teDUwOWNhZmlsZSAldCAtcCAlcCAlaCAt
LXByb3RvY29scyBzc2wzIgotCSAgICAib3BlbnNzbCBzX2NsaWVudCAtQ0FmaWxlICV0IC1jb25u
ZWN0ICVoOiVwIC1ub19zc2wyIC1pZ25fZW9mIikpCisJICAgICJvcGVuc3NsIHNfY2xpZW50IC1D
QWZpbGUgJXQgLWNvbm5lY3QgJWg6JXAgLW5vX3NzbDIgLWlnbl9lb2YiCisgICAgICAgICAgICAi
Z251dGxzLWNsaSAtcCAlcCAlaCIKKyAgICAgICAgICAgICJvcGVuc3NsIHNfY2xpZW50IC1jb25u
ZWN0ICVoOiVwIC1ub19zc2wyIC1pZ25fZW9mIikpCiAgICAgKGxpc3QgOnRhZyAiQ2hvb3NlIGNv
bW1hbmRzIgogCSAgOnZhbHVlCiAJICAoImdudXRscy1jbGkgLS14NTA5Y2FmaWxlICV0IC1wICVw
ICVoIgogCSAgICJnbnV0bHMtY2xpIC0teDUwOWNhZmlsZSAldCAtcCAlcCAlaCAtLXByb3RvY29s
cyBzc2wzIgotCSAgICJvcGVuc3NsIHNfY2xpZW50IC1jb25uZWN0ICVoOiVwIC1ub19zc2wyIC1p
Z25fZW9mIikKKwkgICAib3BlbnNzbCBzX2NsaWVudCAtQ0FmaWxlICV0IC1jb25uZWN0ICVoOiVw
IC1ub19zc2wyIC1pZ25fZW9mIgorICAgICAgICAgICAiZ251dGxzLWNsaSAtcCAlcCAlaCIKKyAg
ICAgICAgICAgIm9wZW5zc2wgc19jbGllbnQgLWNvbm5lY3QgJWg6JXAgLW5vX3NzbDIgLWlnbl9l
b2YiKQogCSAgKHNldCA6aW5saW5lIHQKIAkgICAgICAgOzsgRklYTUU6IGFkZCBicmllZiBgOnRh
ZyAiLi4uIicgZGVzY3JpcHRpb25zLgogCSAgICAgICA7OyAocmVwZWF0IDppbmxpbmUgdCA6dGFn
ICJPdGhlciIgKHN0cmluZykpCkBAIC0yMjcsMTIgKzIzNCwxNSBAQCBGb3VydGggYXJnIFBPUlQg
aXMgYW4gaW50ZWdlciBzcGVjaWZ5aW5nIGEgcG9ydCB0byBjb25uZWN0IHRvLiIKICAgICAod2l0
aC1jdXJyZW50LWJ1ZmZlciBidWZmZXIKICAgICAgIChtZXNzYWdlICJPcGVuaW5nIFRMUyBjb25u
ZWN0aW9uIHRvIGAlcycuLi4iIGhvc3QpCiAgICAgICAod2hpbGUgKGFuZCAobm90IGRvbmUpIChz
ZXRxIGNtZCAocG9wIGNtZHMpKSkKLQkobGV0ICgocHJvY2Vzcy1jb25uZWN0aW9uLXR5cGUgdGxz
LXByb2Nlc3MtY29ubmVjdGlvbi10eXBlKQorICAgICAgICAobGV0ICgodHJ1c3RmaWxlcyAoZ251
dGxzLXRydXN0ZmlsZXMpKQorCSAgICAgICh0cnVzdGZpbGUgbmlsKSkKKyAgICAgICAgICAod2hp
bGUgKGFuZCAobm90IGRvbmUpIChzZXRxIHRydXN0ZmlsZSAocG9wIHRydXN0ZmlsZXMpKSkKKyAg
ICAgICAgKGxldCAoKHByb2Nlc3MtY29ubmVjdGlvbi10eXBlIHRscy1wcm9jZXNzLWNvbm5lY3Rp
b24tdHlwZSkKIAkgICAgICAoZm9ybWF0dGVkLWNtZAogCSAgICAgICAoZm9ybWF0LXNwZWMKIAkJ
Y21kCiAJCShmb3JtYXQtc3BlYy1tYWtlCi0gICAgICAgICAgICAgICAgID90IChjYXIgKGdudXRs
cy10cnVzdGZpbGVzKSkKKyAgICAgICAgICAgICAgICAgP3QgdHJ1c3RmaWxlCiAJCSA/aCBob3N0
CiAJCSA/cCAoaWYgKGludGVnZXJwIHBvcnQpCiAJCQkoaW50LXRvLXN0cmluZyBwb3J0KQpAQCAt
MjY5LDcgKzI3OSw3IEBAIEZvdXJ0aCBhcmcgUE9SVCBpcyBhbiBpbnRlZ2VyIHNwZWNpZnlpbmcg
YSBwb3J0IHRvIGNvbm5lY3QgdG8uIgogCSAgICAgIChpZiBzdGFydC1vZi1kYXRhCiAJCSAgOzsg
bW92ZSBwb2ludCB0byBzdGFydCBvZiBjbGllbnQgZGF0YQogCQkgIChnb3RvLWNoYXIgc3RhcnQt
b2YtZGF0YSkpKQotCSAgICAoc2V0cSBkb25lIHByb2Nlc3MpKSkpCisJICAgIChzZXRxIGRvbmUg
cHJvY2VzcykpKSkpKQogICAgICAgKHdoZW4gKGFuZCBkb25lCiAJCSAob3IKIAkJICAoYW5kIHRs
cy1jaGVja3RydXN0Ci0tIAoyLjkuMAoK
--001a1144405a07ee160536e6519b--




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#23759; Package emacs. Full text available.

Message received at 23759 <at> debbugs.gnu.org:


Received: (at 23759) by debbugs.gnu.org; 5 Jul 2016 14:49:46 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jul 05 10:49:46 2016
Received: from localhost ([127.0.0.1]:38379 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bKRfW-0004GN-G8
	for submit <at> debbugs.gnu.org; Tue, 05 Jul 2016 10:49:46 -0400
Received: from mail-oi0-f45.google.com ([209.85.218.45]:33977)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <npostavs@HIDDEN>) id 1bKRfU-0004GA-Vv
 for 23759 <at> debbugs.gnu.org; Tue, 05 Jul 2016 10:49:45 -0400
Received: by mail-oi0-f45.google.com with SMTP id s66so231988760oif.1
 for <23759 <at> debbugs.gnu.org>; Tue, 05 Jul 2016 07:49:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:sender:in-reply-to:references:from:date:message-id
 :subject:to:cc;
 bh=Oc451nd0lpsE2Y8QTZf81S+hfV8emVgRXu0VXjJYc+k=;
 b=j/ll+KQ0o2K8R+7EIsk9Z8RPR7natgKqBxUbBDtS7/PlG+QlAMkK5KKauyFy0JNSf7
 /eUr5LXexFw49q1XQ0Yh39eY3Yn504Sp1vO5oC8GpEMsd8J6oHPHMJaa4KC3MDZDMWZ2
 u3QbxMjPrJc2cPsyGZHmJ7vhlbEWT2lgYFMmErTUdyIYHd6ZHdiYkMU2dpTAdzRQTlFu
 x1pBCL0/3JVNle2YR4ecbFYRdtFSnxl02uQce9zupRTjTZDWQ++jgzxk1FKvuW5UM9VC
 ueD06hfDycK60j8KDTA4KrFnuvlxwEFffMNiibWDkF52W7gOornV6WgrUKAHse0RMLW2
 Tx/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
 :date:message-id:subject:to:cc;
 bh=Oc451nd0lpsE2Y8QTZf81S+hfV8emVgRXu0VXjJYc+k=;
 b=aph5uWI+KxftEBBr1WAoOuaFzPYXilNYLAddWer4u4diYhUo7FV6e+/WTkeXzIJzM1
 uv7iqc/EbKuT74jFa01cj/fU7d7MuRxoDJBFRW4F3fLI3mGsqTumvKyljxRpbNH6CgY+
 1wJdnKabgh5hAVaRzyajQfbhAnF6ZSF1LeIYbBl77MArfffuNzfiDuAyx1YEVp6IkzII
 RiUfM7l4OJiBDtfnlF+qZULabwO7foz1jdsJ5462NGP6sp72JSb2lQxD/0UhdvOQrmCH
 /Ygq4cbjxveEIfdWMLmEW9JtH5+B4eZAG+0ZtOmtDnFqlfOsbG6q42/MoZ/aMiheA4yN
 pybg==
X-Gm-Message-State: ALyK8tI+mOdpzfDWn97e+HLHBKeXfhdltKhR2GzQMBdY4BRsB5Fh/Xceil1R4JPhJO0PGxlvJf960vw/IKgt5g==
X-Received: by 10.157.35.110 with SMTP id k43mr4585608otd.134.1467730179265;
 Tue, 05 Jul 2016 07:49:39 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.20.106 with HTTP; Tue, 5 Jul 2016 07:49:38 -0700 (PDT)
In-Reply-To: <87wpl0gnjf.fsf@HIDDEN>
References: <87y46ahz23.fsf@HIDDEN>
 <CAH+LVpk1DoqS5mdOX9-5YZ6RqntM+4+UQC9BPhwAZmAb=n6zWA@HIDDEN>
 <87wpl0gnjf.fsf@HIDDEN>
From: Noam Postavsky <npostavs@HIDDEN>
Date: Tue, 5 Jul 2016 10:49:38 -0400
X-Google-Sender-Auth: ht9-ukV1H7AYe4elIFFYAsZVv_g
Message-ID: <CAM-tV-80k9Ue7ECvd_vzoYzuFYLT6amf1MSQzcn1XVYVPNByhQ@HIDDEN>
Subject: Re: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed
 gnutls-cli command if trusted cert files don't exist
To: Ted Zlatanov <tzz@HIDDEN>
Content-Type: text/plain; charset=UTF-8
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 23759
Cc: 23759 <at> debbugs.gnu.org, Konstantin Kliakhandler <kosta@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

On Tue, Jul 5, 2016 at 10:36 AM, Ted Zlatanov <tzz@HIDDEN> wrote:
>
> KK> Finally, I'm experiencing the above behavior, as far as I can tell, by
> KK> default in e.g. erc-tls. What is the proper way to move to the built in
> KK> TLS? Is it likely to be something in my config or in the implementation of
> KK> ERC?
>
> On Mac OS X, you can use Homebrew to build it with all the nice
> libraries, or use one of the pre-built binary packages.
>
> brew update && brew reinstall emacs --HEAD --use-git-head --cocoa --with-gnutls --with-rsvg --with-imagemagick

I think gnutls is broken on master for OSX currently, see
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=23503




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#23759; Package emacs. Full text available.

Message received at 23759 <at> debbugs.gnu.org:


Received: (at 23759) by debbugs.gnu.org; 5 Jul 2016 14:36:22 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jul 05 10:36:21 2016
Received: from localhost ([127.0.0.1]:38360 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bKRSX-0003xs-N0
	for submit <at> debbugs.gnu.org; Tue, 05 Jul 2016 10:36:21 -0400
Received: from mail-pa0-f46.google.com ([209.85.220.46]:34075)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <tzz@HIDDEN>) id 1bKRSV-0003xe-0W
 for 23759 <at> debbugs.gnu.org; Tue, 05 Jul 2016 10:36:19 -0400
Received: by mail-pa0-f46.google.com with SMTP id bz2so67946549pad.1
 for <23759 <at> debbugs.gnu.org>; Tue, 05 Jul 2016 07:36:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifelogs.com; s=google;
 h=from:to:cc:subject:organization:references:mail-copies-to
 :gmane-reply-to-list:date:in-reply-to:message-id:user-agent
 :mime-version; bh=I8xqkgsV5zPfAq0qgrR7hhKN9G2nuEJ6xr1hh5R+Fnw=;
 b=slvC0AXT7TMF9HkcUrh6FwHnRQgbxr3FFjmk+h35w2IAM+wikm8p4+RE+ERbfkslLo
 rPBj6IGDgrvJSsulhot1E3gHEA5zc/7T2vx1ZN2V6+NIivnVhDu0lsNbyq3WHGkHIjwF
 YvE68Ei3QSjMI8ZnJXSd1wTuW8DBK7Nd1q7Gs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:from:to:cc:subject:organization:references
 :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=I8xqkgsV5zPfAq0qgrR7hhKN9G2nuEJ6xr1hh5R+Fnw=;
 b=mxRvzSq+VSJxqoiFAFfmy4qjWmHVTAuYgToydcgz0FIrYmorN5KPHb+eMu3px9Bwpc
 Z2bwUuxW1WWnKjYH4LH5FC+VLo2fyWXJrEd4FII8NJCmAtW0oVPTRV62W4atNtMhmHmz
 vlFaqs5ZA+NKVskaHjNyK7UfJMha8mGLeLtYLmOdaF5VCOImDPdO0ThLfgGnVaCYowzf
 bRa71F+hC1xhOJmNbacmy5R7fGpFFLMM8Y+hGFR71WkuIBjIifIpQK0+HqGTJsD2O3S3
 5MQLlc8qgz24F6RnzXvb3I470dm2OLNSDhyrYZ+DVKOIt/Un4ZhadmKcT5pdyV5Rjl9L
 iNjA==
X-Gm-Message-State: ALyK8tJbvBXsThAhrcH7KjQ/MzEiuJKrTmwigczUc3tzSizwPthc45HjS43lSAQCE/t2mQ==
X-Received: by 10.66.86.103 with SMTP id o7mr33299294paz.5.1467729372534;
 Tue, 05 Jul 2016 07:36:12 -0700 (PDT)
Received: from flea (c-98-229-60-157.hsd1.ma.comcast.net. [98.229.60.157])
 by smtp.gmail.com with ESMTPSA id bt5sm5876418pac.47.2016.07.05.07.36.07
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 05 Jul 2016 07:36:09 -0700 (PDT)
From: Ted Zlatanov <tzz@HIDDEN>
To: Konstantin Kliakhandler <kosta@HIDDEN>
Subject: Re: bug#23759: 25.1.50; 25.1.50;
 open-tls-stream creates malformed gnutls-cli command if trusted cert
 files don't exist
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
References: <87y46ahz23.fsf@HIDDEN>
 <CAH+LVpk1DoqS5mdOX9-5YZ6RqntM+4+UQC9BPhwAZmAb=n6zWA@HIDDEN>
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
 d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
 D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
Mail-Copies-To: never
Gmane-Reply-To-List: yes
Date: Tue, 05 Jul 2016 10:36:04 -0400
In-Reply-To: <CAH+LVpk1DoqS5mdOX9-5YZ6RqntM+4+UQC9BPhwAZmAb=n6zWA@HIDDEN>
 (Konstantin Kliakhandler's message of "Sat, 2 Jul 2016 10:09:50
 +0300")
Message-ID: <87wpl0gnjf.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 23759
Cc: 23759 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

On Sat, 2 Jul 2016 10:09:50 +0300 Konstantin Kliakhandler <kosta@HIDDEN> wrote: 

KK> The problem: `open-tls-stream' replaces %t with exactly one element, which
KK> is nil if none of gnutls-trustfiles is readable, and the first element of
KK> gnutls-trustfiles is more than one is readable.
KK> The Solution: In the patch I make the test iterate on all the trustfiles as
KK> a user might have more than one relevant. In addition, I made the default
KK> setting for tls-program have entries that do not explicitly specify the
KK> trustfile.

KK> One thing to note here perhaps, is that if (gnutls-trustfiles) returns an
KK> empty list and one has the %t substitution in one of the tls-program
KK> entries, then that entry will not be run at all. I feel that this is
KK> reasonable since by setting --x509cafile nil one makes gnutls-cli fail
KK> anyway.

As you said, one of the key points of your patch is this:

-  '("gnutls-cli --x509cafile %t -p %p %h"
+  '("gnutls-cli -p %p %h"
+    "gnutls-cli --x509cafile %t -p %p %h"

Which replaces the specific call with a generic call (no CA file
specified). This is probably less secure because it will use the system
CA trustfiles regardless of the user's preferred `gnutls-trustfiles', so
I'd rather not make it the first thing attempted.

KK> Finally, I'm experiencing the above behavior, as far as I can tell, by
KK> default in e.g. erc-tls. What is the proper way to move to the built in
KK> TLS? Is it likely to be something in my config or in the implementation of
KK> ERC?

On Mac OS X, you can use Homebrew to build it with all the nice
libraries, or use one of the pre-built binary packages.

brew update && brew reinstall emacs --HEAD --use-git-head --cocoa --with-gnutls --with-rsvg --with-imagemagick

On W32, you need the right DLLs installed.

Once the libraries are installed, you're all set, they'll be used
automatically.

Ted




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#23759; Package emacs. Full text available.

Message received at 23759 <at> debbugs.gnu.org:


Received: (at 23759) by debbugs.gnu.org; 2 Jul 2016 16:55:13 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jul 02 12:55:13 2016
Received: from localhost ([127.0.0.1]:34834 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bJOCG-0004Hm-81
	for submit <at> debbugs.gnu.org; Sat, 02 Jul 2016 12:55:12 -0400
Received: from mail-wm0-f53.google.com ([74.125.82.53]:38862)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <kosta@HIDDEN>) id 1bJF4B-0005UB-RE
 for 23759 <at> debbugs.gnu.org; Sat, 02 Jul 2016 03:10:17 -0400
Received: by mail-wm0-f53.google.com with SMTP id r201so53762285wme.1
 for <23759 <at> debbugs.gnu.org>; Sat, 02 Jul 2016 00:10:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=slumpy-org.20150623.gappssmtp.com; s=20150623;
 h=mime-version:from:date:message-id:subject:to;
 bh=yhzrOxOpIMr378+kVLpvG5UUU0NDNIe9T3ykjR9aFAQ=;
 b=qTKoOUgLpVsoKBojBOzOZpnc9OPJcbcIbX9VuYlBfu8XwMcwgLdLGC3ukDD/gaRJNW
 7JPWzQ38N+9kT+ZF4bWNp6OxmU3gCpX0CieDV+tA2PfdLaESAu8mFSD0OptZOMSizDjr
 /0T/cdtEjIQJmqPZnmEiId4gQ4bFNYnTVWWsDpIzVLFVSTFxNjXCDAy44qoWP/R9Ptew
 Ygq18NpoLJpKlDVWqMbzYwFkaPXGAwUtgcwHpsqyO9KMLG8jWtrfpmRBazMjD+KXDasB
 7dWbmlyX1R8/YxziWIkCAazNXmVAqk4Za5LxqvCBRojDUfi3bq0w/tDHp1t5foL4w8do
 N2tw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=yhzrOxOpIMr378+kVLpvG5UUU0NDNIe9T3ykjR9aFAQ=;
 b=jheyRF2gVtc0zjSuSGbyYpSjVZHm4x3mcCkA3J5WKdIQ3/HAdWkb+iRhKrLhWmAw7Y
 igcUlOMzT+qsVRdp1p3wOMyyMUGWutzKOgcNaqaV+H7ntts+oJmqFMbqQLt7xWKbR71m
 z+uqQezjXuDvjETw7nxFAAQmt7+k00pD82I3w1k5RzjYnK+qGkRhEdhSTrYvjBs+XNYx
 uut4pOK9ebbaZlVuA1doIxvZzHXYxYo3RddKSxsortGZJE9c2n+m7tUhyuJ7BlgjiXHr
 AheuV3h6N3fcQeqvZDIpHXphXv18sc6ux/EO4/c6DPElnUp/fGjdweQn7jvUOlh6YwTd
 cc8A==
X-Gm-Message-State: ALyK8tKX5UxE/Ifk/JFiEbPWdYzks7VdKZpRzsi2+pmQ/eTQHw2C1wu6VBHoiHFi4smNB2+llFPIW0t1p9eE+grl
X-Received: by 10.28.148.1 with SMTP id w1mr1866925wmd.63.1467443410039; Sat,
 02 Jul 2016 00:10:10 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.28.99.214 with HTTP; Sat, 2 Jul 2016 00:09:50 -0700 (PDT)
From: Konstantin Kliakhandler <kosta@HIDDEN>
Date: Sat, 2 Jul 2016 10:09:50 +0300
Message-ID: <CAH+LVpk1DoqS5mdOX9-5YZ6RqntM+4+UQC9BPhwAZmAb=n6zWA@HIDDEN>
Subject: Re: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed
 gnutls-cli command if trusted cert files don't exist
To: 23759 <at> debbugs.gnu.org
Content-Type: multipart/mixed; boundary=001a114c23b42f2ed10536a1cba4
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 23759
X-Mailman-Approved-At: Sat, 02 Jul 2016 12:55:10 -0400
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

--001a114c23b42f2ed10536a1cba4
Content-Type: multipart/alternative; boundary=001a114c23b42f2ecb0536a1cba2

--001a114c23b42f2ecb0536a1cba2
Content-Type: text/plain; charset=UTF-8

Hello,

First, I apologize for the double posting - I realize that I sent the
previous message with a messed up subject and this caused it not to be
grouped with the rest of the messages in this bug, and to not appear in the
tracker. I hope this second one will work now.

I am using emacs on OSX 10.12 from https://emacsformacosx.com/builds:

(emacs-version)
"GNU Emacs 25.1.50.1 (x86_64-apple-darwin13.4.0, NS appkit-1265.21 Version
10.9.5 (Build 13F1603))
 of 2016-05-30"

And experience the same problem when running emacs -Q. Furthermore, I
diagnosed the cause to be incorrect building of formatted-cmd in
open-tls-stream from the given arguments. Attached is a patch that fixes
the problem on my end. To make the patch smaller, I did not reindent the
whole function - I hope this is alright.

Finally, I'd like to reply to:


> Fran <flitterio <at> gmail.com> writes:

> If Cygwin is installed, open-tls-stream works, because gnutls-cli and
> openssl
> > are available. It has worked for some time. I routinely use this feature
> to
> > enable ERC to connect to servers using TLS using function erc-tls.



> At some point, tls.el will be deprecated. Why aren't you just using
> Emacs with the built-in TLS support?


In my honest opinion, a feature is either deprecated or not, and while it
is not yet deprecated, bugs should not be ignored. I hope you would agree
at least to the point of testing the patch and incorporating it if it works
well :-)

Fuller description of the problem and the fix:

The problem: `open-tls-stream' replaces %t with exactly one element, which
is nil if none of gnutls-trustfiles is readable, and the first element of
gnutls-trustfiles is more than one is readable.
The Solution: In the patch I make the test iterate on all the trustfiles as
a user might have more than one relevant. In addition, I made the default
setting for tls-program have entries that do not explicitly specify the
trustfile.

One thing to note here perhaps, is that if (gnutls-trustfiles) returns an
empty list and one has the %t substitution in one of the tls-program
entries, then that entry will not be run at all. I feel that this is
reasonable since by setting --x509cafile nil one makes gnutls-cli fail
anyway.

Finally, I'm experiencing the above behavior, as far as I can tell, by
default in e.g. erc-tls. What is the proper way to move to the built in
TLS? Is it likely to be something in my config or in the implementation of
ERC?

Thanks,
Kosta

--001a114c23b42f2ecb0536a1cba2
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div><div class=3D"gmail_signature" data-smartmail=3D"gmai=
l_signature"><div dir=3D"ltr">Hello,<br></div></div></div><div class=3D"gma=
il_quote"><div dir=3D"ltr"><div><div><br></div><div>First, I apologize for =
the double posting - I realize that I sent the previous message with a mess=
ed up subject and this caused it not to be grouped with the rest of the mes=
sages in this bug, and to not appear in the tracker. I hope this second one=
 will work now.</div><div><br></div><div>I am using emacs on OSX 10.12 from=
 <a href=3D"https://emacsformacosx.com/builds" target=3D"_blank">https://em=
acsformacosx.com/builds</a>:=C2=A0</div><div><br></div><div><div>(emacs-ver=
sion)</div></div><div><div>&quot;GNU Emacs 25.1.50.1 (x86_64-apple-darwin13=
.4.0, NS appkit-1265.21 Version 10.9.5 (Build 13F1603))</div><div>=C2=A0of =
2016-05-30&quot;</div></div><div><br></div><div>And experience the same pro=
blem when running emacs -Q. Furthermore, I diagnosed the cause to be incorr=
ect building of formatted-cmd in open-tls-stream from the given arguments. =
Attached is a patch that fixes the problem on my end. To make the patch sma=
ller, I did not reindent the whole function - I hope this is alright.=C2=A0=
</div><div><br></div><div>Finally, I&#39;d like to reply to:</div><div>=C2=
=A0</div><blockquote style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1p=
x;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1=
ex" class=3D"gmail_quote">Fran &lt;flitterio &lt;at&gt; <a href=3D"http://g=
mail.com" target=3D"_blank">gmail.com</a>&gt; writes:</blockquote><blockquo=
te style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-styl=
e:solid;border-left-color:rgb(204,204,204);padding-left:1ex" class=3D"gmail=
_quote">&gt; If Cygwin is installed, open-tls-stream works, because gnutls-=
cli and openssl<br>&gt; are available. It has worked for some time. I routi=
nely use this feature to<br>&gt; enable ERC to connect to servers using TLS=
 using function erc-tls.
</blockquote><div>=C2=A0</div><blockquote style=3D"margin:0px 0px 0px 0.8ex=
;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,20=
4,204);padding-left:1ex" class=3D"gmail_quote">At some point, tls.el will b=
e deprecated.  Why aren&#39;t you just using<br>Emacs with the built-in TLS=
 support?</blockquote><div><br></div><div>In my honest opinion, a feature i=
s either deprecated or not, and while it is not yet deprecated, bugs should=
 not be ignored. I hope you would agree at least to the point of testing th=
e patch and incorporating it if it works well :-)</div><div><br></div><div>=
Fuller description of the problem and the fix:</div><div><br></div><div>The=
 problem: `open-tls-stream&#39; replaces %t with exactly one element, which=
 is nil if none of gnutls-trustfiles is readable, and the first element of =
gnutls-trustfiles is more than one is readable.</div><div>The Solution: In =
the patch I make the test iterate on all the trustfiles as a user might hav=
e more than one relevant. In addition, I made the default setting for tls-p=
rogram have entries that do not explicitly specify the trustfile.</div><div=
><br></div><div>One thing to note here perhaps, is that if (gnutls-trustfil=
es) returns an empty list and one has the %t substitution in one of the tls=
-program entries, then that entry will not be run at all. I feel that this =
is reasonable since by setting --x509cafile nil one makes gnutls-cli fail a=
nyway.=C2=A0</div><div><br></div><div>Finally, I&#39;m experiencing the abo=
ve behavior, as far as I can tell, by default in e.g. erc-tls. What is the =
proper way to move to the built in TLS? Is it likely to be something in my =
config or in the implementation of ERC?</div><div><br></div></div><div>Than=
ks,</div><div>Kosta</div></div>
</div><br></div>

--001a114c23b42f2ecb0536a1cba2--

--001a114c23b42f2ed10536a1cba4
Content-Type: application/octet-stream; 
	name="0001-tls-Make-open-tls-stream-try-all-gnutls-trustfiles-a.patch"
Content-Disposition: attachment; 
	filename="0001-tls-Make-open-tls-stream-try-all-gnutls-trustfiles-a.patch"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_iq4elcyt0

RnJvbSAwNTdmYzkxNThlODE2ZTUyMjBiOTMwM2EyYjYzNGVhYjFkN2M3MzVlIE1vbiBTZXAgMTcg
MDA6MDA6MDAgMjAwMQpGcm9tOiBLb25zdGFudGluIEtsaWFraGFuZGxlciA8a29zdGFAc2x1bXB5
Lm9yZz4KRGF0ZTogU2F0LCAyIEp1bCAyMDE2IDAyOjQyOjMzICswMzAwClN1YmplY3Q6IFtQQVRD
SF0gdGxzOiBNYWtlIG9wZW4tdGxzLXN0cmVhbSB0cnkgYWxsIGdudXRscy10cnVzdGZpbGVzIGFu
ZCBzZXQKIGJldHRlciBkZWZhdWx0IHRscy1wcm9ncmFtCgpUaGlzIGZpeGVzIHRoZSBidWcgcmVw
b3J0ZWQgaW4gaHR0cHM6Ly9saXN0cy5nbnUub3JnL2FyY2hpdmUvaHRtbC9idWctZ251LWVtYWNz
LzIwMTYtMDYvbXNnMDA1NTMuaHRtbAoKKiBsaXNwL25ldC90bHMuZWwgKG9wZW4tdGxzLXN0cmVh
bSk6IEl0ZXJhdGUgb24gYWxsIGZvdW5kCiAgZ251dGxzLXRydXN0ZmlsZXMgaW5zdGVhZCBvZiBz
dGlja2luZyB3aXRoIHRoZSBmaXJzdCBvbmUgZm91bmQKCih0bHMtcHJvZ3JhbSk6IFNldCB0aGUg
ZGVmYXVsdCB0byBhIGxpc3QgdGhhdCBpbmNsdWRlcyBib3RoCmdudXRscy10cnVzdGZpbGVzIHN1
YnN0aXR1dGlvbiBhbmQgd2l0aG91dCBpdC4KLS0tCiBsaXNwL25ldC90bHMuZWwgfCAyNSArKysr
KysrKysrKysrKysrKy0tLS0tLS0tCiAxIGZpbGUgY2hhbmdlZCwgMTcgaW5zZXJ0aW9ucygrKSwg
OCBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9saXNwL25ldC90bHMuZWwgYi9saXNwL25ldC90
bHMuZWwKaW5kZXggZjEyMTlmZC4uNzg5MGFjMCAxMDA2NDQKLS0tIGEvbGlzcC9uZXQvdGxzLmVs
CisrKyBiL2xpc3AvbmV0L3Rscy5lbApAQCAtNzcsOSArNzcsMTEgQEAgYW5kIGBnbnV0bHMtY2xp
JyAodmVyc2lvbiAyLjAuMSkgb3V0cHV0LiIKICAgOmdyb3VwICd0bHMpCiAKIChkZWZjdXN0b20g
dGxzLXByb2dyYW0KLSAgJygiZ251dGxzLWNsaSAtLXg1MDljYWZpbGUgJXQgLXAgJXAgJWgiCisg
ICcoImdudXRscy1jbGkgLXAgJXAgJWgiCisgICAgImdudXRscy1jbGkgLS14NTA5Y2FmaWxlICV0
IC1wICVwICVoIgogICAgICJnbnV0bHMtY2xpIC0teDUwOWNhZmlsZSAldCAtcCAlcCAlaCAtLXBy
b3RvY29scyBzc2wzIgotICAgICJvcGVuc3NsIHNfY2xpZW50IC1jb25uZWN0ICVoOiVwIC1ub19z
c2wyIC1pZ25fZW9mIikKKyAgICAib3BlbnNzbCBzX2NsaWVudCAtY29ubmVjdCAlaDolcCAtbm9f
c3NsMiAtaWduX2VvZiIKKyAgICAib3BlbnNzbCBzX2NsaWVudCAtQ0FmaWxlICV0IC1jb25uZWN0
ICVoOiVwIC1ub19zc2wyIC1pZ25fZW9mIikKICAgIkxpc3Qgb2Ygc3RyaW5ncyBjb250YWluaW5n
IGNvbW1hbmRzIHRvIHN0YXJ0IFRMUyBzdHJlYW0gdG8gYSBob3N0LgogRWFjaCBlbnRyeSBpbiB0
aGUgbGlzdCBpcyB0cmllZCB1bnRpbCBhIGNvbm5lY3Rpb24gaXMgc3VjY2Vzc2Z1bC4KICVoIGlz
IHJlcGxhY2VkIHdpdGggdGhlIHNlcnZlciBob3N0bmFtZSwgJXAgd2l0aCB0aGUgcG9ydCB0bwpA
QCAtOTMsMTQgKzk1LDE4IEBAIHN1Y2Nlc3NmdWwgbmVnb3RpYXRpb24uIgogICA6dHlwZQogICAn
KGNob2ljZQogICAgIChjb25zdCA6dGFnICJEZWZhdWx0IGxpc3Qgb2YgY29tbWFuZHMiCi0JICAg
KCJnbnV0bHMtY2xpIC0teDUwOWNhZmlsZSAldCAtcCAlcCAlaCIKKwkgICAoImdudXRscy1jbGkg
LXAgJXAgJWgiCisgICAgICAgICAgICAiZ251dGxzLWNsaSAtLXg1MDljYWZpbGUgJXQgLXAgJXAg
JWgiCiAJICAgICJnbnV0bHMtY2xpIC0teDUwOWNhZmlsZSAldCAtcCAlcCAlaCAtLXByb3RvY29s
cyBzc2wzIgorICAgICAgICAgICAgIm9wZW5zc2wgc19jbGllbnQgLWNvbm5lY3QgJWg6JXAgLW5v
X3NzbDIgLWlnbl9lb2YiCiAJICAgICJvcGVuc3NsIHNfY2xpZW50IC1DQWZpbGUgJXQgLWNvbm5l
Y3QgJWg6JXAgLW5vX3NzbDIgLWlnbl9lb2YiKSkKICAgICAobGlzdCA6dGFnICJDaG9vc2UgY29t
bWFuZHMiCiAJICA6dmFsdWUKLQkgICgiZ251dGxzLWNsaSAtLXg1MDljYWZpbGUgJXQgLXAgJXAg
JWgiCisJICAoImdudXRscy1jbGkgLXAgJXAgJWgiCisgICAgICAgICAgICJnbnV0bHMtY2xpIC0t
eDUwOWNhZmlsZSAldCAtcCAlcCAlaCIKIAkgICAiZ251dGxzLWNsaSAtLXg1MDljYWZpbGUgJXQg
LXAgJXAgJWggLS1wcm90b2NvbHMgc3NsMyIKLQkgICAib3BlbnNzbCBzX2NsaWVudCAtY29ubmVj
dCAlaDolcCAtbm9fc3NsMiAtaWduX2VvZiIpCisgICAgICAgICAgICJvcGVuc3NsIHNfY2xpZW50
IC1jb25uZWN0ICVoOiVwIC1ub19zc2wyIC1pZ25fZW9mIgorCSAgICJvcGVuc3NsIHNfY2xpZW50
IC1DQWZpbGUgJXQgLWNvbm5lY3QgJWg6JXAgLW5vX3NzbDIgLWlnbl9lb2YiKQogCSAgKHNldCA6
aW5saW5lIHQKIAkgICAgICAgOzsgRklYTUU6IGFkZCBicmllZiBgOnRhZyAiLi4uIicgZGVzY3Jp
cHRpb25zLgogCSAgICAgICA7OyAocmVwZWF0IDppbmxpbmUgdCA6dGFnICJPdGhlciIgKHN0cmlu
ZykpCkBAIC0yMjcsMTIgKzIzMywxNSBAQCBGb3VydGggYXJnIFBPUlQgaXMgYW4gaW50ZWdlciBz
cGVjaWZ5aW5nIGEgcG9ydCB0byBjb25uZWN0IHRvLiIKICAgICAod2l0aC1jdXJyZW50LWJ1ZmZl
ciBidWZmZXIKICAgICAgIChtZXNzYWdlICJPcGVuaW5nIFRMUyBjb25uZWN0aW9uIHRvIGAlcycu
Li4iIGhvc3QpCiAgICAgICAod2hpbGUgKGFuZCAobm90IGRvbmUpIChzZXRxIGNtZCAocG9wIGNt
ZHMpKSkKLQkobGV0ICgocHJvY2Vzcy1jb25uZWN0aW9uLXR5cGUgdGxzLXByb2Nlc3MtY29ubmVj
dGlvbi10eXBlKQorICAgICAgICAobGV0ICgodHJ1c3RmaWxlcyAoZ251dGxzLXRydXN0ZmlsZXMp
KQorCSAgICAgICh0cnVzdGZpbGUgbmlsKSkKKyAgICAgICAgICAod2hpbGUgKGFuZCAobm90IGRv
bmUpIChzZXRxIHRydXN0ZmlsZSAocG9wIHRydXN0ZmlsZXMpKSkKKyAgICAgICAgKGxldCAoKHBy
b2Nlc3MtY29ubmVjdGlvbi10eXBlIHRscy1wcm9jZXNzLWNvbm5lY3Rpb24tdHlwZSkKIAkgICAg
ICAoZm9ybWF0dGVkLWNtZAogCSAgICAgICAoZm9ybWF0LXNwZWMKIAkJY21kCiAJCShmb3JtYXQt
c3BlYy1tYWtlCi0gICAgICAgICAgICAgICAgID90IChjYXIgKGdudXRscy10cnVzdGZpbGVzKSkK
KyAgICAgICAgICAgICAgICAgP3QgdHJ1c3RmaWxlCiAJCSA/aCBob3N0CiAJCSA/cCAoaWYgKGlu
dGVnZXJwIHBvcnQpCiAJCQkoaW50LXRvLXN0cmluZyBwb3J0KQpAQCAtMjY5LDcgKzI3OCw3IEBA
IEZvdXJ0aCBhcmcgUE9SVCBpcyBhbiBpbnRlZ2VyIHNwZWNpZnlpbmcgYSBwb3J0IHRvIGNvbm5l
Y3QgdG8uIgogCSAgICAgIChpZiBzdGFydC1vZi1kYXRhCiAJCSAgOzsgbW92ZSBwb2ludCB0byBz
dGFydCBvZiBjbGllbnQgZGF0YQogCQkgIChnb3RvLWNoYXIgc3RhcnQtb2YtZGF0YSkpKQotCSAg
ICAoc2V0cSBkb25lIHByb2Nlc3MpKSkpCisJICAgIChzZXRxIGRvbmUgcHJvY2VzcykpKSkpKQog
ICAgICAgKHdoZW4gKGFuZCBkb25lCiAJCSAob3IKIAkJICAoYW5kIHRscy1jaGVja3RydXN0Ci0t
IAoyLjcuNCAoQXBwbGUgR2l0LTY2KQoK
--001a114c23b42f2ed10536a1cba4--




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#23759; Package emacs. Full text available.

Message received at 23759 <at> debbugs.gnu.org:


Received: (at 23759) by debbugs.gnu.org; 2 Jul 2016 00:22:28 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Jul 01 20:22:28 2016
Received: from localhost ([127.0.0.1]:34251 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bJ8hX-0007pf-LL
	for submit <at> debbugs.gnu.org; Fri, 01 Jul 2016 20:22:28 -0400
Received: from mail-wm0-f46.google.com ([74.125.82.46]:36738)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <kosta@HIDDEN>) id 1bJ8Vd-0007Uu-Jg
 for 23759 <at> debbugs.gnu.org; Fri, 01 Jul 2016 20:10:10 -0400
Received: by mail-wm0-f46.google.com with SMTP id f126so43093257wma.1
 for <23759 <at> debbugs.gnu.org>; Fri, 01 Jul 2016 17:10:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=slumpy-org.20150623.gappssmtp.com; s=20150623;
 h=mime-version:from:date:message-id:subject:to;
 bh=RmWE7K1twMEoxuqb5t9gi0w6wDp61ttFKH6mbhpDP8M=;
 b=SjzwyzYAQwNaekQQttFczB3mwjs0Qv5gDgn2vjROQ7SzkeLAniQMdJ8rV9veE3N/dA
 cAx3WeiHoLz+JpGB5nxdINnqAyB1DoZZLpHeRu5X5f3DKvjLpGJpJzW55rUJX8pyBwKb
 yqWEp+AKyAQlpbnAUmRpx+bnb5MNxts41xHDlKjnn7kFjuCDH+PmQl9Segfm1wJJU8PA
 VVK/Xvb/2Dt3dEAIB8WJ04YP/ET6ptNigAEJ2zbp7r+urohTGAq9aoMDM3odhTdCwzll
 teBsjYs6ORhP2LC2JAPJjz4yWYpgimpl5NjQwF/I724S7a0MfY4wPaZ0Rsk7xi1Ks9Ee
 8Zdg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=RmWE7K1twMEoxuqb5t9gi0w6wDp61ttFKH6mbhpDP8M=;
 b=k14HlLWLV9gOjGZCUFOK87t4xkJrCd4/1kRLE2Ifpy6VnnwIgzW+EH89F76yRuQCzH
 13NyZFzYe68MjrkV86FH+aJbW2Z2S+DVo8LnDFn8bf2IkjbS1mPEN4r7ixR/5l7uZNXU
 bpAVXXcb0kHozoJJkQbl9a5bjdyyN8oC2wU3t0xjWdINylXj4CfQ4SSNN6emtKEmlRRW
 GR4g4nzyHhWDLTwCK54JVvhMBCdrLr+JhA8svGmibYRJVQlAKDfrYCYSETQKakbVBW50
 Bg3qA6CQLx0J9WPUk+MMxsNGD9jqZt4UJ7bVUsBw1ihkPkOq6hxKdD17a5AepIgO+//5
 uG9A==
X-Gm-Message-State: ALyK8tK3+U6d7ifc0gEvnCVSkD/3daDWXcFBma0/pDoBHt0Jpjli/bQvkoPqBi+8QLhQvyG6AsOwNi+xDqxW1tiN
X-Received: by 10.194.175.231 with SMTP id cd7mr576765wjc.19.1467418203513;
 Fri, 01 Jul 2016 17:10:03 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.28.99.214 with HTTP; Fri, 1 Jul 2016 17:09:43 -0700 (PDT)
From: Konstantin Kliakhandler <kosta@HIDDEN>
Date: Sat, 2 Jul 2016 03:09:43 +0300
Message-ID: <CAH+LVpnNR=Xob1oS99E-swvmqKD2ufq+p6+XBDXbEJTJE0gjVg@HIDDEN>
Subject: Re: bug#23759: 25.1.50;
To: 23759 <at> debbugs.gnu.org
Content-Type: multipart/mixed; boundary=089e013d1d86c21fa505369becbb
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 23759
X-Mailman-Approved-At: Fri, 01 Jul 2016 20:22:25 -0400
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

--089e013d1d86c21fa505369becbb
Content-Type: multipart/alternative; boundary=089e013d1d86c21fa105369becb9

--089e013d1d86c21fa105369becb9
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hello,

I am using emacs on OSX 10.12 from https://emacsformacosx.com/builds:

(emacs-version)
"GNU Emacs 25.1.50.1 (x86_64-apple-darwin13.4.0, NS appkit-1265.21 Version
10.9.5 (Build 13F1603))
 of 2016-05-30"

And experience the same problem when running emacs -Q. Furthermore, I
diagnosed the cause to be incorrect building of formatted-cmd in
open-tls-stream from the given arguments. Attached is a patch that fixes
the problem on my end. To make the patch smaller, I did not reindent the
whole function - I hope this is alright.

Finally, I'd like to reply to:


> Fran <flitterio <at> gmail.com> writes:

> If Cygwin is installed, open-tls-stream works, because gnutls-cli and
> openssl
> > are available. It has worked for some time. I routinely use this featur=
e
> to
> > enable ERC to connect to servers using TLS using function erc-tls.



> At some point, tls.el will be deprecated. Why aren't you just using
> Emacs with the built-in TLS support?


In my honest opinion, a feature is either deprecated or not, and while it
is not yet deprecated, bugs should not be ignored. I hope you would agree
at least to the point of testing the patch and incorporating it if it works
well :-)

Fuller description of the problem and the fix:

The problem: `open-tls-stream' replaces %t with exactly one element, which
is nil if none of gnutls-trustfiles is readable, and the first element of
gnutls-trustfiles is more than one is readable.
The Solution: In the patch I make the test iterate on all the trustfiles as
a user might have more than one relevant. In addition, I made the default
setting for tls-program have entries that do not explicitly specify the
trustfile.

One thing to note here perhaps, is that if (gnutls-trustfiles) returns an
empty list and one has the %t substitution in one of the tls-program
entries, then that entry will not be run at all. I feel that this is
reasonable since by setting --x509cafile nil one makes gnutls-cli fail
anyway.

Finally, I'm experiencing the above behavior, as far as I can tell, by
default in e.g. erc-tls. What is the proper way to move to the built in
TLS? Is it likely to be something in my config or in the implementation of
ERC?

Thanks,
Kosta

--=20
Konstantin Kliakhandler
    http://slumpy.org
          )=C2=B0) )=C2=B0( (=C2=B0(

--089e013d1d86c21fa105369becb9
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div><div>Hello,</div><div><br></div><div>I am using emacs=
 on OSX 10.12 from <a href=3D"https://emacsformacosx.com/builds" target=3D"=
_blank">https://emacsformacosx.com/builds</a>:=C2=A0</div><div><br></div><d=
iv><div>(emacs-version)</div></div><div><div>&quot;GNU Emacs 25.1.50.1 (x86=
_64-apple-darwin13.4.0, NS appkit-1265.21 Version 10.9.5 (Build 13F1603))</=
div><div>=C2=A0of 2016-05-30&quot;</div></div><div><br></div><div>And exper=
ience the same problem when running emacs -Q. Furthermore, I diagnosed the =
cause to be incorrect building of formatted-cmd in open-tls-stream from the=
 given arguments. Attached is a patch that fixes the problem on my end. To =
make the patch smaller, I did not reindent the whole function - I hope this=
 is alright.=C2=A0</div><div><br></div><div>Finally, I&#39;d like to reply =
to:</div><div>=C2=A0</div><blockquote style=3D"margin:0px 0px 0px 0.8ex;bor=
der-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,20=
4);padding-left:1ex" class=3D"gmail_quote">Fran &lt;flitterio &lt;at&gt; <a=
 href=3D"http://gmail.com" target=3D"_blank">gmail.com</a>&gt; writes:</blo=
ckquote><blockquote style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px=
;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1e=
x" class=3D"gmail_quote">&gt; If Cygwin is installed, open-tls-stream works=
, because gnutls-cli and openssl<br>&gt; are available. It has worked for s=
ome time. I routinely use this feature to<br>&gt; enable ERC to connect to =
servers using TLS using function erc-tls.
</blockquote><div>=C2=A0</div><blockquote style=3D"margin:0px 0px 0px 0.8ex=
;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,20=
4,204);padding-left:1ex" class=3D"gmail_quote">At some point, tls.el will b=
e deprecated.  Why aren&#39;t you just using<br>Emacs with the built-in TLS=
 support?</blockquote><div><br></div><div>In my honest opinion, a feature i=
s either deprecated or not, and while it is not yet deprecated, bugs should=
 not be ignored. I hope you would agree at least to the point of testing th=
e patch and incorporating it if it works well :-)</div><div><br></div><div>=
Fuller description of the problem and the fix:</div><div><br></div><div>The=
 problem: `open-tls-stream&#39; replaces %t with exactly one element, which=
 is nil if none of gnutls-trustfiles is readable, and the first element of =
gnutls-trustfiles is more than one is readable.</div><div>The Solution: In =
the patch I make the test iterate on all the trustfiles as a user might hav=
e more than one relevant. In addition, I made the default setting for tls-p=
rogram have entries that do not explicitly specify the trustfile.</div><div=
><br></div><div>One thing to note here perhaps, is that if (gnutls-trustfil=
es) returns an empty list and one has the %t substitution in one of the tls=
-program entries, then that entry will not be run at all. I feel that this =
is reasonable since by setting --x509cafile nil one makes gnutls-cli fail a=
nyway.=C2=A0</div><div><br></div><div>Finally, I&#39;m experiencing the abo=
ve behavior, as far as I can tell, by default in e.g. erc-tls. What is the =
proper way to move to the built in TLS? Is it likely to be something in my =
config or in the implementation of ERC?</div><div><br></div></div><div>Than=
ks,</div><div>Kosta</div><br clear=3D"all"><div><div data-smartmail=3D"gmai=
l_signature"><div dir=3D"ltr">--=C2=A0<br>Konstantin Kliakhandler<br>=C2=A0=
 =C2=A0 <a href=3D"http://slumpy.org" target=3D"_blank">http://slumpy.org</=
a><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0=C2=A0=C2=A0 )=C2=B0) )=C2=B0( (=C2=B0(</d=
iv></div></div>
</div>

--089e013d1d86c21fa105369becb9--

--089e013d1d86c21fa505369becbb
Content-Type: application/octet-stream; 
	name="0001-tls-Make-open-tls-stream-try-all-gnutls-trustfiles-a.patch"
Content-Disposition: attachment; 
	filename="0001-tls-Make-open-tls-stream-try-all-gnutls-trustfiles-a.patch"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_iq4elcyt0

RnJvbSAwNTdmYzkxNThlODE2ZTUyMjBiOTMwM2EyYjYzNGVhYjFkN2M3MzVlIE1vbiBTZXAgMTcg
MDA6MDA6MDAgMjAwMQpGcm9tOiBLb25zdGFudGluIEtsaWFraGFuZGxlciA8a29zdGFAc2x1bXB5
Lm9yZz4KRGF0ZTogU2F0LCAyIEp1bCAyMDE2IDAyOjQyOjMzICswMzAwClN1YmplY3Q6IFtQQVRD
SF0gdGxzOiBNYWtlIG9wZW4tdGxzLXN0cmVhbSB0cnkgYWxsIGdudXRscy10cnVzdGZpbGVzIGFu
ZCBzZXQKIGJldHRlciBkZWZhdWx0IHRscy1wcm9ncmFtCgpUaGlzIGZpeGVzIHRoZSBidWcgcmVw
b3J0ZWQgaW4gaHR0cHM6Ly9saXN0cy5nbnUub3JnL2FyY2hpdmUvaHRtbC9idWctZ251LWVtYWNz
LzIwMTYtMDYvbXNnMDA1NTMuaHRtbAoKKiBsaXNwL25ldC90bHMuZWwgKG9wZW4tdGxzLXN0cmVh
bSk6IEl0ZXJhdGUgb24gYWxsIGZvdW5kCiAgZ251dGxzLXRydXN0ZmlsZXMgaW5zdGVhZCBvZiBz
dGlja2luZyB3aXRoIHRoZSBmaXJzdCBvbmUgZm91bmQKCih0bHMtcHJvZ3JhbSk6IFNldCB0aGUg
ZGVmYXVsdCB0byBhIGxpc3QgdGhhdCBpbmNsdWRlcyBib3RoCmdudXRscy10cnVzdGZpbGVzIHN1
YnN0aXR1dGlvbiBhbmQgd2l0aG91dCBpdC4KLS0tCiBsaXNwL25ldC90bHMuZWwgfCAyNSArKysr
KysrKysrKysrKysrKy0tLS0tLS0tCiAxIGZpbGUgY2hhbmdlZCwgMTcgaW5zZXJ0aW9ucygrKSwg
OCBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9saXNwL25ldC90bHMuZWwgYi9saXNwL25ldC90
bHMuZWwKaW5kZXggZjEyMTlmZC4uNzg5MGFjMCAxMDA2NDQKLS0tIGEvbGlzcC9uZXQvdGxzLmVs
CisrKyBiL2xpc3AvbmV0L3Rscy5lbApAQCAtNzcsOSArNzcsMTEgQEAgYW5kIGBnbnV0bHMtY2xp
JyAodmVyc2lvbiAyLjAuMSkgb3V0cHV0LiIKICAgOmdyb3VwICd0bHMpCiAKIChkZWZjdXN0b20g
dGxzLXByb2dyYW0KLSAgJygiZ251dGxzLWNsaSAtLXg1MDljYWZpbGUgJXQgLXAgJXAgJWgiCisg
ICcoImdudXRscy1jbGkgLXAgJXAgJWgiCisgICAgImdudXRscy1jbGkgLS14NTA5Y2FmaWxlICV0
IC1wICVwICVoIgogICAgICJnbnV0bHMtY2xpIC0teDUwOWNhZmlsZSAldCAtcCAlcCAlaCAtLXBy
b3RvY29scyBzc2wzIgotICAgICJvcGVuc3NsIHNfY2xpZW50IC1jb25uZWN0ICVoOiVwIC1ub19z
c2wyIC1pZ25fZW9mIikKKyAgICAib3BlbnNzbCBzX2NsaWVudCAtY29ubmVjdCAlaDolcCAtbm9f
c3NsMiAtaWduX2VvZiIKKyAgICAib3BlbnNzbCBzX2NsaWVudCAtQ0FmaWxlICV0IC1jb25uZWN0
ICVoOiVwIC1ub19zc2wyIC1pZ25fZW9mIikKICAgIkxpc3Qgb2Ygc3RyaW5ncyBjb250YWluaW5n
IGNvbW1hbmRzIHRvIHN0YXJ0IFRMUyBzdHJlYW0gdG8gYSBob3N0LgogRWFjaCBlbnRyeSBpbiB0
aGUgbGlzdCBpcyB0cmllZCB1bnRpbCBhIGNvbm5lY3Rpb24gaXMgc3VjY2Vzc2Z1bC4KICVoIGlz
IHJlcGxhY2VkIHdpdGggdGhlIHNlcnZlciBob3N0bmFtZSwgJXAgd2l0aCB0aGUgcG9ydCB0bwpA
QCAtOTMsMTQgKzk1LDE4IEBAIHN1Y2Nlc3NmdWwgbmVnb3RpYXRpb24uIgogICA6dHlwZQogICAn
KGNob2ljZQogICAgIChjb25zdCA6dGFnICJEZWZhdWx0IGxpc3Qgb2YgY29tbWFuZHMiCi0JICAg
KCJnbnV0bHMtY2xpIC0teDUwOWNhZmlsZSAldCAtcCAlcCAlaCIKKwkgICAoImdudXRscy1jbGkg
LXAgJXAgJWgiCisgICAgICAgICAgICAiZ251dGxzLWNsaSAtLXg1MDljYWZpbGUgJXQgLXAgJXAg
JWgiCiAJICAgICJnbnV0bHMtY2xpIC0teDUwOWNhZmlsZSAldCAtcCAlcCAlaCAtLXByb3RvY29s
cyBzc2wzIgorICAgICAgICAgICAgIm9wZW5zc2wgc19jbGllbnQgLWNvbm5lY3QgJWg6JXAgLW5v
X3NzbDIgLWlnbl9lb2YiCiAJICAgICJvcGVuc3NsIHNfY2xpZW50IC1DQWZpbGUgJXQgLWNvbm5l
Y3QgJWg6JXAgLW5vX3NzbDIgLWlnbl9lb2YiKSkKICAgICAobGlzdCA6dGFnICJDaG9vc2UgY29t
bWFuZHMiCiAJICA6dmFsdWUKLQkgICgiZ251dGxzLWNsaSAtLXg1MDljYWZpbGUgJXQgLXAgJXAg
JWgiCisJICAoImdudXRscy1jbGkgLXAgJXAgJWgiCisgICAgICAgICAgICJnbnV0bHMtY2xpIC0t
eDUwOWNhZmlsZSAldCAtcCAlcCAlaCIKIAkgICAiZ251dGxzLWNsaSAtLXg1MDljYWZpbGUgJXQg
LXAgJXAgJWggLS1wcm90b2NvbHMgc3NsMyIKLQkgICAib3BlbnNzbCBzX2NsaWVudCAtY29ubmVj
dCAlaDolcCAtbm9fc3NsMiAtaWduX2VvZiIpCisgICAgICAgICAgICJvcGVuc3NsIHNfY2xpZW50
IC1jb25uZWN0ICVoOiVwIC1ub19zc2wyIC1pZ25fZW9mIgorCSAgICJvcGVuc3NsIHNfY2xpZW50
IC1DQWZpbGUgJXQgLWNvbm5lY3QgJWg6JXAgLW5vX3NzbDIgLWlnbl9lb2YiKQogCSAgKHNldCA6
aW5saW5lIHQKIAkgICAgICAgOzsgRklYTUU6IGFkZCBicmllZiBgOnRhZyAiLi4uIicgZGVzY3Jp
cHRpb25zLgogCSAgICAgICA7OyAocmVwZWF0IDppbmxpbmUgdCA6dGFnICJPdGhlciIgKHN0cmlu
ZykpCkBAIC0yMjcsMTIgKzIzMywxNSBAQCBGb3VydGggYXJnIFBPUlQgaXMgYW4gaW50ZWdlciBz
cGVjaWZ5aW5nIGEgcG9ydCB0byBjb25uZWN0IHRvLiIKICAgICAod2l0aC1jdXJyZW50LWJ1ZmZl
ciBidWZmZXIKICAgICAgIChtZXNzYWdlICJPcGVuaW5nIFRMUyBjb25uZWN0aW9uIHRvIGAlcycu
Li4iIGhvc3QpCiAgICAgICAod2hpbGUgKGFuZCAobm90IGRvbmUpIChzZXRxIGNtZCAocG9wIGNt
ZHMpKSkKLQkobGV0ICgocHJvY2Vzcy1jb25uZWN0aW9uLXR5cGUgdGxzLXByb2Nlc3MtY29ubmVj
dGlvbi10eXBlKQorICAgICAgICAobGV0ICgodHJ1c3RmaWxlcyAoZ251dGxzLXRydXN0ZmlsZXMp
KQorCSAgICAgICh0cnVzdGZpbGUgbmlsKSkKKyAgICAgICAgICAod2hpbGUgKGFuZCAobm90IGRv
bmUpIChzZXRxIHRydXN0ZmlsZSAocG9wIHRydXN0ZmlsZXMpKSkKKyAgICAgICAgKGxldCAoKHBy
b2Nlc3MtY29ubmVjdGlvbi10eXBlIHRscy1wcm9jZXNzLWNvbm5lY3Rpb24tdHlwZSkKIAkgICAg
ICAoZm9ybWF0dGVkLWNtZAogCSAgICAgICAoZm9ybWF0LXNwZWMKIAkJY21kCiAJCShmb3JtYXQt
c3BlYy1tYWtlCi0gICAgICAgICAgICAgICAgID90IChjYXIgKGdudXRscy10cnVzdGZpbGVzKSkK
KyAgICAgICAgICAgICAgICAgP3QgdHJ1c3RmaWxlCiAJCSA/aCBob3N0CiAJCSA/cCAoaWYgKGlu
dGVnZXJwIHBvcnQpCiAJCQkoaW50LXRvLXN0cmluZyBwb3J0KQpAQCAtMjY5LDcgKzI3OCw3IEBA
IEZvdXJ0aCBhcmcgUE9SVCBpcyBhbiBpbnRlZ2VyIHNwZWNpZnlpbmcgYSBwb3J0IHRvIGNvbm5l
Y3QgdG8uIgogCSAgICAgIChpZiBzdGFydC1vZi1kYXRhCiAJCSAgOzsgbW92ZSBwb2ludCB0byBz
dGFydCBvZiBjbGllbnQgZGF0YQogCQkgIChnb3RvLWNoYXIgc3RhcnQtb2YtZGF0YSkpKQotCSAg
ICAoc2V0cSBkb25lIHByb2Nlc3MpKSkpCisJICAgIChzZXRxIGRvbmUgcHJvY2VzcykpKSkpKQog
ICAgICAgKHdoZW4gKGFuZCBkb25lCiAJCSAob3IKIAkJICAoYW5kIHRscy1jaGVja3RydXN0Ci0t
IAoyLjcuNCAoQXBwbGUgR2l0LTY2KQoK
--089e013d1d86c21fa505369becbb--




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#23759; Package emacs. Full text available.

Message received at 23759 <at> debbugs.gnu.org:


Received: (at 23759) by debbugs.gnu.org; 13 Jun 2016 14:02:31 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jun 13 10:02:31 2016
Received: from localhost ([127.0.0.1]:39087 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bCSRf-0002dJ-O9
	for submit <at> debbugs.gnu.org; Mon, 13 Jun 2016 10:02:31 -0400
Received: from eggs.gnu.org ([208.118.235.92]:47044)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1bCSRb-0002d4-L0
 for 23759 <at> debbugs.gnu.org; Mon, 13 Jun 2016 10:02:27 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <eliz@HIDDEN>) id 1bCSRQ-00054l-B8
 for 23759 <at> debbugs.gnu.org; Mon, 13 Jun 2016 10:02:18 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:59515)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@HIDDEN>)
 id 1bCSRQ-000545-7J; Mon, 13 Jun 2016 10:02:12 -0400
Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:3650
 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1bCSRO-0004a8-Ba; Mon, 13 Jun 2016 10:02:10 -0400
Date: Mon, 13 Jun 2016 17:03:02 +0300
Message-Id: <83eg81fap5.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Lars Ingebrigtsen <larsi@HIDDEN>
In-reply-to: <87oa759yu0.fsf@HIDDEN> (message from Lars Ingebrigtsen on Mon, 
 13 Jun 2016 12:18:15 +0200)
Subject: Re: bug#23759: 25.1.50;
 open-tls-stream creates malformed gnutls-cli command if trusted cert
 files don't exist
References: <87y46ahz23.fsf@HIDDEN> <83r3c1g3fv.fsf@HIDDEN>
 <87oa759yu0.fsf@HIDDEN>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -6.4 (------)
X-Debbugs-Envelope-To: 23759
Cc: 23759 <at> debbugs.gnu.org, flitterio@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Reply-To: Eli Zaretskii <eliz@HIDDEN>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -6.4 (------)

> From: Lars Ingebrigtsen <larsi@HIDDEN>
> Cc: flitterio@HIDDEN (Francis Litterio),  23759 <at> debbugs.gnu.org
> Date: Mon, 13 Jun 2016 12:18:15 +0200
> 
> Eli Zaretskii <eliz@HIDDEN> writes:
> 
> > TLS connections on MS-Windows are supported via the GnuTLS library.
> > External TLS programs will never work correctly on Windows, since they
> > use signals to communicate with Emacs.  So there's little sense in
> > fixing this issue, because the result will not work anyway.
> 
> Perhaps it would make sense to just have `open-tls-stream' signal an
> error on Windows to avoid confusing people?  I think this is at least
> the fourth bug report where people have spent significant time trying to
> debug something that will never work.
> 
> It could just say (error "Use an Emacs built with TLS support (and with
> installed gnutls libraries)").

At least a warning sounds like a good idea.  Not so sure about
erroring out, though.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#23759; Package emacs. Full text available.

Message received at 23759 <at> debbugs.gnu.org:


Received: (at 23759) by debbugs.gnu.org; 13 Jun 2016 11:49:16 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jun 13 07:49:16 2016
Received: from localhost ([127.0.0.1]:38595 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bCQMi-0007o2-RY
	for submit <at> debbugs.gnu.org; Mon, 13 Jun 2016 07:49:16 -0400
Received: from mail-oi0-f45.google.com ([209.85.218.45]:36242)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <flitterio@HIDDEN>) id 1bCQMc-0007mD-T8
 for 23759 <at> debbugs.gnu.org; Mon, 13 Jun 2016 07:49:10 -0400
Received: by mail-oi0-f45.google.com with SMTP id p204so203203642oih.3
 for <23759 <at> debbugs.gnu.org>; Mon, 13 Jun 2016 04:49:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc; bh=8RIJzrZ6A87jbqw5xMm1c5Ymc9YJNd5nEvanj6qUAVg=;
 b=T6PnzbU2jEtRnDWIjLFXetUg3ZAQEzjjYi8YOBetJ8WtdZjm9Ao0lrjx/WyjvplfZW
 QoklH0GquCYGVcxdrTS9YiXsoGjJvh4vRfEWPv1r2x4jPo+pB2zkSTOUTYyLPyuGS7Gr
 o0BM/FU0aIpJvFXnLTAiDRGC9qdkuTM1DBh+hZpi4OHM3mG6Q3tky9kIEbf022sAVeEP
 GqlDqCCWX1hCdLpaib/0n5u71W2Z1HkWcFnbQlnvIcNtewhvBcE8TJcYyWYfu0d4mV55
 d9ysGDIjbveyxj1xuDh1SHf6DwYESaO1eQgLM9Qp8DIlj3AOn90XH5kVTyOiOlwtlmOt
 JZwQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:cc;
 bh=8RIJzrZ6A87jbqw5xMm1c5Ymc9YJNd5nEvanj6qUAVg=;
 b=dSf1nZplF5JIEmoRHxdjrGvjP/Xs50y1I4yOErD/xyUeYWzIOoenlt3sC4kU1LCg4S
 gNFopuirbp2HNDzjAbjBuyF2I1et1ZYGIZmsU37rW1Tzm2dk5ai4Y7KrFd6MYMF+boWo
 xTXhGvzUSYqEC4HGT1FS6QvzDui+3i5aBCBbLqllHRPM+FqFnVqWSOL4VWt4hV1vM9IE
 XtHRJN1khagQboxRkUy02Aq49puThcIk5g/5qORSKXJDzsXXmjA2GGA1TNs1RcM90VXh
 cRbVBePJDTifs2BSF1U+c4fuOTpuEwGyQfMylAaa9B6f4545Gn7BPl3idFIzNRLGNGjY
 o2lQ==
X-Gm-Message-State: ALyK8tJnjsrdM56Sv94MZsLU+6+IBPBF1uX5joWqjG2jn3S+UimCoZklGmi/Vmj43zW0S9JvMOaqSaPfm0a4RQ==
MIME-Version: 1.0
X-Received: by 10.202.55.198 with SMTP id e189mr5908313oia.85.1465818541371;
 Mon, 13 Jun 2016 04:49:01 -0700 (PDT)
Received: by 10.157.16.10 with HTTP; Mon, 13 Jun 2016 04:49:01 -0700 (PDT)
Received: by 10.157.16.10 with HTTP; Mon, 13 Jun 2016 04:49:01 -0700 (PDT)
In-Reply-To: <878ty99v1h.fsf@HIDDEN>
References: <87y46ahz23.fsf@HIDDEN> <83r3c1g3fv.fsf@HIDDEN>
 <87oa759yu0.fsf@HIDDEN>
 <CAGQpP8QFu3zx9_3SLf5tVRhGC7bV0hUiA8=OJm8HpA5H-hTfwA@HIDDEN>
 <CAGQpP8QWYaxgE0=VGshhxDW=U3yT_kXsNq178m6zPGq15Ets9g@HIDDEN>
 <CAGQpP8Ra1gazRhq_Y5qzYegsJMJ8AVVnK_dSsr3XKW7PL-vrMg@HIDDEN>
 <878ty99v1h.fsf@HIDDEN>
Date: Mon, 13 Jun 2016 07:49:01 -0400
Message-ID: <CAGQpP8SJZ7y-cnCizrOeCn8A-BVVom9jx_hnmzUqMRu=nH4o9Q@HIDDEN>
Subject: Re: bug#23759: 25.1.50; open-tls-stream creates malformed gnutls-cli
 command if trusted cert files don't exist
From: Fran <flitterio@HIDDEN>
To: Lars Magne Ingebrigtsen <larsi@HIDDEN>
Content-Type: multipart/alternative; boundary=001a113ceea676bb6a05352779cd
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 23759
Cc: 23759 <at> debbugs.gnu.org, Eli Zaretskii <eliz@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

--001a113ceea676bb6a05352779cd
Content-Type: text/plain; charset=UTF-8

On Jun 13, 2016 7:40 AM, "Lars Ingebrigtsen" <larsi@HIDDEN> wrote:

> At some point, tls.el will be deprecated.  Why aren't you just using
> Emacs with the built-in TLS support?

I didn't know of the plan to deprecate tls.el. And this way has always
worked on Windows. I'll certainly try to get "make configure" to enable
built-in TLS support on Windows when building with MinGW. If I can get that
to work, I'll send a patch so we can hasten the deprecation of tls.el.
--
Fran

--001a113ceea676bb6a05352779cd
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr">On Jun 13, 2016 7:40 AM, &quot;Lars Ingebrigtsen&quot; &lt;<=
a href=3D"mailto:larsi@HIDDEN">larsi@HIDDEN</a>&gt; wrote:</p>
<p dir=3D"ltr">&gt; At some point, tls.el will be deprecated.=C2=A0 Why are=
n&#39;t you just using<br>
&gt; Emacs with the built-in TLS support?</p>
<p dir=3D"ltr">I didn&#39;t know of the plan to deprecate tls.el. And this =
way has always worked on Windows. I&#39;ll certainly try to get &quot;make =
configure&quot; to enable built-in TLS support on Windows when building wit=
h MinGW. If I can get that to work, I&#39;ll send a patch so we can hasten =
the deprecation of tls.el.<br>
--<br>
Fran</p>

--001a113ceea676bb6a05352779cd--




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#23759; Package emacs. Full text available.

Message received at 23759 <at> debbugs.gnu.org:


Received: (at 23759) by debbugs.gnu.org; 13 Jun 2016 11:40:21 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jun 13 07:40:21 2016
Received: from localhost ([127.0.0.1]:38590 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bCQE8-0007Y6-Tw
	for submit <at> debbugs.gnu.org; Mon, 13 Jun 2016 07:40:21 -0400
Received: from bouvier.getmail.no ([84.210.184.8]:50327)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <larsi@HIDDEN>) id 1bCQE6-0007Xt-UV
 for 23759 <at> debbugs.gnu.org; Mon, 13 Jun 2016 07:40:19 -0400
Received: from localhost (localhost [127.0.0.1])
 by bouvier.getmail.no (Postfix) with ESMTP id 9FBD846038;
 Mon, 13 Jun 2016 13:40:11 +0200 (CEST)
Received: from bouvier.getmail.no ([127.0.0.1])
 by localhost (bouvier.get.c.bitbit.net [127.0.0.1]) (amavisd-new, port 10032)
 with ESMTP id PvEhWJqdAT6r; Mon, 13 Jun 2016 13:40:11 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
 by bouvier.getmail.no (Postfix) with ESMTP id 3663648585;
 Mon, 13 Jun 2016 13:40:11 +0200 (CEST)
X-Virus-Scanned: amavisd-new at bouvier.get.c.bitbit.net
Received: from bouvier.getmail.no ([127.0.0.1])
 by localhost (bouvier.get.c.bitbit.net [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id zVPuYssXTyj5; Mon, 13 Jun 2016 13:40:11 +0200 (CEST)
Received: from mouse (cm-84.215.1.64.getinternet.no [84.215.1.64])
 by bouvier.getmail.no (Postfix) with ESMTPS id EF48845758;
 Mon, 13 Jun 2016 13:40:10 +0200 (CEST)
From: Lars Ingebrigtsen <larsi@HIDDEN>
To: Fran <flitterio@HIDDEN>
Subject: Re: bug#23759: 25.1.50;
 open-tls-stream creates malformed gnutls-cli command if trusted cert
 files don't exist
References: <87y46ahz23.fsf@HIDDEN> <83r3c1g3fv.fsf@HIDDEN>
 <87oa759yu0.fsf@HIDDEN>
 <CAGQpP8QFu3zx9_3SLf5tVRhGC7bV0hUiA8=OJm8HpA5H-hTfwA@HIDDEN>
 <CAGQpP8QWYaxgE0=VGshhxDW=U3yT_kXsNq178m6zPGq15Ets9g@HIDDEN>
 <CAGQpP8Ra1gazRhq_Y5qzYegsJMJ8AVVnK_dSsr3XKW7PL-vrMg@HIDDEN>
Date: Mon, 13 Jun 2016 13:40:10 +0200
In-Reply-To: <CAGQpP8Ra1gazRhq_Y5qzYegsJMJ8AVVnK_dSsr3XKW7PL-vrMg@HIDDEN>
 (Fran's message of "Mon, 13 Jun 2016 07:33:58 -0400")
Message-ID: <878ty99v1h.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 23759
Cc: 23759 <at> debbugs.gnu.org, Eli Zaretskii <eliz@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.0 (/)

Fran <flitterio@HIDDEN> writes:

> If Cygwin is installed, open-tls-stream works, because gnutls-cli and openssl
> are available. It has worked for some time. I routinely use this feature to
> enable ERC to connect to servers using TLS using function erc-tls.

At some point, tls.el will be deprecated.  Why aren't you just using
Emacs with the built-in TLS support?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#23759; Package emacs. Full text available.

Message received at 23759 <at> debbugs.gnu.org:


Received: (at 23759) by debbugs.gnu.org; 13 Jun 2016 11:34:12 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jun 13 07:34:12 2016
Received: from localhost ([127.0.0.1]:38586 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bCQ88-0007PM-Tl
	for submit <at> debbugs.gnu.org; Mon, 13 Jun 2016 07:34:12 -0400
Received: from mail-oi0-f44.google.com ([209.85.218.44]:35593)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <flitterio@HIDDEN>) id 1bCQ84-0007Op-05
 for 23759 <at> debbugs.gnu.org; Mon, 13 Jun 2016 07:34:07 -0400
Received: by mail-oi0-f44.google.com with SMTP id w5so123662979oib.2
 for <23759 <at> debbugs.gnu.org>; Mon, 13 Jun 2016 04:34:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc; bh=PF3f7zTi+LZkf7Ucvlgwuxte6WPReAGKRU2nET8mA6k=;
 b=rnTtaPuHx7JKxh6Vuj8WaUvbGIUexaU6xgP8qaT8yA05FwOt7FKyl5SdaZTW1qun1F
 TUVWUbfTQr1tKlR+v+9lwyU0kgTkMaGJ3mZb6iKqczJXfWcqi3tJviEwzY3lUQIyn3I0
 dhUraNf3oIEyRK6IvrvP+8TMhW9wlswoy1BO4o14sW0z6pnIERqAJwQA2r0mqvD9vKHp
 RuZYwbpsa72I0KttkYTpx2cMe2B/aZlPECbBRxxAomE8zgTR9ZhBlW+HoUafWj6qCMja
 RHoSVFhEUaioQ918TwIgHSPh33BMAGScke1edzVfNpuDKisdhjBxEZ5bt+ksJluE4J21
 71tA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:cc;
 bh=PF3f7zTi+LZkf7Ucvlgwuxte6WPReAGKRU2nET8mA6k=;
 b=VecEDRY9gTpbAOVicntgBqxYzavpMEpypDX06kws03gjJM9SkPTOKNduK7sqaTAKd7
 06FPG9Ysm4223GK9YsJ/dvRSx38Fc62qatrsixs92mvGkoU7gfTuxHIAvOEElwWLsGMK
 gKPj6QcA9Vr47lOrfisNZ0yjFXM7JRKL7zzLwRawNk16DkXYvYzfPe5MqQkKT8XE5lIN
 Ivt8R+JgoVESYLYPobNFFfREcaymVJsoxwOH3VkDdOBg4Ro8RxE4NUwruMUVkuiNnjOV
 Nl3qcufpE5z3/0To2NIklTTyTW/V9tdbIVC0tZmqdEc0l36YwW0+IHTdNBeYcBAl6S3E
 rRCw==
X-Gm-Message-State: ALyK8tKbs+DtxQT8TWFi+ABcSZdqA7Fvjf0+XVbuWHqdp1LcokpR/xvvKyMhShL7wN7u3dPOcRJ6fyHBtW/iGQ==
MIME-Version: 1.0
X-Received: by 10.157.23.209 with SMTP id j75mr6261036otj.109.1465817638313;
 Mon, 13 Jun 2016 04:33:58 -0700 (PDT)
Received: by 10.157.16.10 with HTTP; Mon, 13 Jun 2016 04:33:58 -0700 (PDT)
Received: by 10.157.16.10 with HTTP; Mon, 13 Jun 2016 04:33:58 -0700 (PDT)
In-Reply-To: <CAGQpP8QWYaxgE0=VGshhxDW=U3yT_kXsNq178m6zPGq15Ets9g@HIDDEN>
References: <87y46ahz23.fsf@HIDDEN> <83r3c1g3fv.fsf@HIDDEN>
 <87oa759yu0.fsf@HIDDEN>
 <CAGQpP8QFu3zx9_3SLf5tVRhGC7bV0hUiA8=OJm8HpA5H-hTfwA@HIDDEN>
 <CAGQpP8QWYaxgE0=VGshhxDW=U3yT_kXsNq178m6zPGq15Ets9g@HIDDEN>
Date: Mon, 13 Jun 2016 07:33:58 -0400
Message-ID: <CAGQpP8Ra1gazRhq_Y5qzYegsJMJ8AVVnK_dSsr3XKW7PL-vrMg@HIDDEN>
Subject: Re: bug#23759: 25.1.50; open-tls-stream creates malformed gnutls-cli
 command if trusted cert files don't exist
From: Fran <flitterio@HIDDEN>
To: Lars Magne Ingebrigtsen <larsi@HIDDEN>
Content-Type: multipart/alternative; boundary=94eb2c0944f6a3279f05352743c3
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 23759
Cc: 23759 <at> debbugs.gnu.org, Eli Zaretskii <eliz@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

--94eb2c0944f6a3279f05352743c3
Content-Type: text/plain; charset=UTF-8

If Cygwin is installed, open-tls-stream works, because gnutls-cli and
openssl are available. It has worked for some time. I routinely use this
feature to enable ERC to connect to servers using TLS using function
erc-tls.

This bug report is about an Elisp logic error that can happen on any
platform if the certificate trust files do not exist, leading to a
malformed gnutls-cli command line. Those files are outside the control of
Emacs. They may not exist.

Please don't disable functionality that some of us have used for years.

Thanks.
--
Fran Litterio
On Jun 13, 2016 6:18 AM, "Lars Ingebrigtsen" <larsi@HIDDEN> wrote:

Eli Zaretskii <eliz@HIDDEN> writes:

> TLS connections on MS-Windows are supported via the GnuTLS library.
> External TLS programs will never work correctly on Windows, since they
> use signals to communicate with Emacs.  So there's little sense in
> fixing this issue, because the result will not work anyway.

Perhaps it would make sense to just have `open-tls-stream' signal an
error on Windows to avoid confusing people?  I think this is at least
the fourth bug report where people have spent significant time trying to
debug something that will never work.

It could just say (error "Use an Emacs built with TLS support (and with
installed gnutls libraries)").

--
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

--94eb2c0944f6a3279f05352743c3
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr">If Cygwin is installed, open-tls-stream works, because gnutl=
s-cli and openssl are available. It has worked for some time. I routinely u=
se this feature to enable ERC to connect to servers using TLS using functio=
n erc-tls.</p>
<p dir=3D"ltr">This bug report is about an Elisp logic error that can happe=
n on any platform if the certificate trust files do not exist, leading to a=
 malformed gnutls-cli command line. Those files are outside the control of =
Emacs. They may not exist.</p>
<p dir=3D"ltr">Please don&#39;t disable functionality that some of us have =
used for years.</p>
<p dir=3D"ltr">Thanks.<br>
--<br>
Fran Litterio<br>
</p>
<div class=3D"gmail_quote">On Jun 13, 2016 6:18 AM, &quot;Lars Ingebrigtsen=
&quot; &lt;<a href=3D"mailto:larsi@HIDDEN">larsi@HIDDEN</a>&gt; wrote:<=
br type=3D"attribution"><blockquote class=3D"quote" style=3D"margin:0 0 0 .=
8ex;border-left:1px #ccc solid;padding-left:1ex"><div class=3D"quoted-text"=
>Eli Zaretskii &lt;<a href=3D"mailto:eliz@HIDDEN">eliz@HIDDEN</a>&gt; wri=
tes:<br>
<br>
&gt; TLS connections on MS-Windows are supported via the GnuTLS library.<br=
>
&gt; External TLS programs will never work correctly on Windows, since they=
<br>
&gt; use signals to communicate with Emacs.=C2=A0 So there&#39;s little sen=
se in<br>
&gt; fixing this issue, because the result will not work anyway.<br>
<br>
</div>Perhaps it would make sense to just have `open-tls-stream&#39; signal=
 an<br>
error on Windows to avoid confusing people?=C2=A0 I think this is at least<=
br>
the fourth bug report where people have spent significant time trying to<br=
>
debug something that will never work.<br>
<br>
It could just say (error &quot;Use an Emacs built with TLS support (and wit=
h<br>
installed gnutls libraries)&quot;).<br>
<font color=3D"#888888"><br>
--<br>
(domestic pets only, the antidote for overdose, milk.)<br>
=C2=A0 =C2=A0bloggy blog: <a href=3D"http://lars.ingebrigtsen.no" rel=3D"no=
referrer" target=3D"_blank">http://lars.ingebrigtsen.no</a><br>
</font></blockquote></div>

--94eb2c0944f6a3279f05352743c3--




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#23759; Package emacs. Full text available.

Message received at 23759 <at> debbugs.gnu.org:


Received: (at 23759) by debbugs.gnu.org; 13 Jun 2016 10:18:26 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jun 13 06:18:26 2016
Received: from localhost ([127.0.0.1]:38564 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bCOws-0003yO-A6
	for submit <at> debbugs.gnu.org; Mon, 13 Jun 2016 06:18:26 -0400
Received: from lamora.getmail.no ([84.210.184.7]:36761)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <larsi@HIDDEN>) id 1bCOwp-0003y6-Df
 for 23759 <at> debbugs.gnu.org; Mon, 13 Jun 2016 06:18:25 -0400
Received: from localhost (localhost [127.0.0.1])
 by lamora.getmail.no (Postfix) with ESMTP id 37FB5E6039;
 Mon, 13 Jun 2016 12:18:16 +0200 (CEST)
Received: from lamora.getmail.no ([127.0.0.1])
 by localhost (lamora.get.c.bitbit.net [127.0.0.1]) (amavisd-new, port 10032)
 with ESMTP id uHMGOQngQ6aG; Mon, 13 Jun 2016 12:18:15 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
 by lamora.getmail.no (Postfix) with ESMTP id B1F9FE605C;
 Mon, 13 Jun 2016 12:18:15 +0200 (CEST)
X-Virus-Scanned: amavisd-new at lamora.get.c.bitbit.net
Received: from lamora.getmail.no ([127.0.0.1])
 by localhost (lamora.get.c.bitbit.net [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id lyBmvSPZ55zF; Mon, 13 Jun 2016 12:18:15 +0200 (CEST)
Received: from mouse (cm-84.215.1.64.getinternet.no [84.215.1.64])
 by lamora.getmail.no (Postfix) with ESMTPS id 821A8E6039;
 Mon, 13 Jun 2016 12:18:15 +0200 (CEST)
From: Lars Ingebrigtsen <larsi@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#23759: 25.1.50;
 open-tls-stream creates malformed gnutls-cli command if trusted cert
 files don't exist
References: <87y46ahz23.fsf@HIDDEN> <83r3c1g3fv.fsf@HIDDEN>
Date: Mon, 13 Jun 2016 12:18:15 +0200
In-Reply-To: <83r3c1g3fv.fsf@HIDDEN> (Eli Zaretskii's message of "Mon, 13 Jun
 2016 06:42:12 +0300")
Message-ID: <87oa759yu0.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 23759
Cc: 23759 <at> debbugs.gnu.org, Francis Litterio <flitterio@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.0 (/)

Eli Zaretskii <eliz@HIDDEN> writes:

> TLS connections on MS-Windows are supported via the GnuTLS library.
> External TLS programs will never work correctly on Windows, since they
> use signals to communicate with Emacs.  So there's little sense in
> fixing this issue, because the result will not work anyway.

Perhaps it would make sense to just have `open-tls-stream' signal an
error on Windows to avoid confusing people?  I think this is at least
the fourth bug report where people have spent significant time trying to
debug something that will never work.

It could just say (error "Use an Emacs built with TLS support (and with
installed gnutls libraries)").

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#23759; Package emacs. Full text available.

Message received at 23759 <at> debbugs.gnu.org:


Received: (at 23759) by debbugs.gnu.org; 13 Jun 2016 03:41:35 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Jun 12 23:41:35 2016
Received: from localhost ([127.0.0.1]:38437 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bCIkp-0002vp-1B
	for submit <at> debbugs.gnu.org; Sun, 12 Jun 2016 23:41:35 -0400
Received: from eggs.gnu.org ([208.118.235.92]:50499)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1bCIkm-0002vb-DF
 for 23759 <at> debbugs.gnu.org; Sun, 12 Jun 2016 23:41:33 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <eliz@HIDDEN>) id 1bCIkd-00008k-TU
 for 23759 <at> debbugs.gnu.org; Sun, 12 Jun 2016 23:41:27 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_20,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:50592)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@HIDDEN>)
 id 1bCIkd-00008d-Pt; Sun, 12 Jun 2016 23:41:23 -0400
Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:3305
 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1bCIkb-0006hK-Go; Sun, 12 Jun 2016 23:41:22 -0400
Date: Mon, 13 Jun 2016 06:42:12 +0300
Message-Id: <83r3c1g3fv.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: flitterio@HIDDEN (Francis Litterio)
In-reply-to: <87y46ahz23.fsf@HIDDEN> (flitterio@HIDDEN)
Subject: Re: bug#23759: 25.1.50;
 open-tls-stream creates malformed gnutls-cli command if trusted cert
 files don't exist
References: <87y46ahz23.fsf@HIDDEN>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -6.4 (------)
X-Debbugs-Envelope-To: 23759
Cc: 23759 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Reply-To: Eli Zaretskii <eliz@HIDDEN>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -6.4 (------)

> From: flitterio@HIDDEN (Francis Litterio)
> Date: Sun, 12 Jun 2016 17:32:56 -0400
> 
> Using Emacs built from the latest mainline source on Windows 7 (with all updates applied),
> I see this problem:
> 
> 1. Launch Emacs using: emacs.exe -Q
> 
> 2. Evaluate this form in buffer *scratch*:
> 
>    (progn
>      (require 'tls)
>      (open-tls-stream "foo" nil "irc.oftc.net" 6697))
> 
> After the connection is established, buffer *Messages* shows two failed connection
> attempts using gnutls-cli, followed by a successful connection using openssl:

TLS connections on MS-Windows are supported via the GnuTLS library.
External TLS programs will never work correctly on Windows, since they
use signals to communicate with Emacs.  So there's little sense in
fixing this issue, because the result will not work anyway.

Thanks.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#23759; Package emacs. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 12 Jun 2016 21:34:26 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Jun 12 17:34:26 2016
Received: from localhost ([127.0.0.1]:38347 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bCD1W-0002xb-DW
	for submit <at> debbugs.gnu.org; Sun, 12 Jun 2016 17:34:26 -0400
Received: from eggs.gnu.org ([208.118.235.92]:54873)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <flitterio@HIDDEN>) id 1bCD1U-0002xN-ML
 for submit <at> debbugs.gnu.org; Sun, 12 Jun 2016 17:34:25 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <flitterio@HIDDEN>) id 1bCD1N-0002JT-UQ
 for submit <at> debbugs.gnu.org; Sun, 12 Jun 2016 17:34:19 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM,
 T_DKIM_INVALID autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:45129)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <flitterio@HIDDEN>) id 1bCD1N-0002JL-RS
 for submit <at> debbugs.gnu.org; Sun, 12 Jun 2016 17:34:17 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:45844)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <flitterio@HIDDEN>) id 1bCD1K-0000Qs-RG
 for bug-gnu-emacs@HIDDEN; Sun, 12 Jun 2016 17:34:16 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <flitterio@HIDDEN>) id 1bCD1F-0002Il-Lz
 for bug-gnu-emacs@HIDDEN; Sun, 12 Jun 2016 17:34:14 -0400
Received: from mail-yw0-x231.google.com ([2607:f8b0:4002:c05::231]:33834)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <flitterio@HIDDEN>) id 1bCD1F-0002Ie-G5
 for bug-gnu-emacs@HIDDEN; Sun, 12 Jun 2016 17:34:09 -0400
Received: by mail-yw0-x231.google.com with SMTP id c72so110911731ywb.1
 for <bug-gnu-emacs@HIDDEN>; Sun, 12 Jun 2016 14:34:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=from:to:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=OGxyf9tr1FS9NlLjBA1wFoGAQ2IyBk/Jbrsw1drrloQ=;
 b=yuEp6ZmAWpQcachWxOYkK9yCcdT3IhDUd1zpYcPA50LKGVFa6Lx6UcykE7CSZ0Emh+
 6R/LplIFO2KXjrXOIto1J052avqqI4kN4ijTfM5jUNmL6I/TG0oemwLmoQsPiwkJSQjV
 bCbcMKv13Q5FTC/hRNJkRLgNGl5bcrnB6aRECqUNs/sx8Z1lraGFncW8Mif54JmNcjmP
 WJOEvculwUJGC6HUZzXJqbxxicrxWBeix+yQOl6C5PAd7XPr9c6PO0pHYrDzj9JwWSkb
 DKXWB+5CwXwoZxHTTpvSegCXX2fsELgWuxBcEwIlL6YxAp6qPXGOw0XjQolA5oU7kYTt
 lU1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:from:to:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=OGxyf9tr1FS9NlLjBA1wFoGAQ2IyBk/Jbrsw1drrloQ=;
 b=IGkZtye3xUu4LNEo1sbOW3/lnsmLE6BfPMcxzBAcAFzIQdMn+nqHOS3d7UBQxXSx8w
 eccK3IvcwmgqCz4pRcRGhUoQsX4IszpBtNaHMMoEDOgN93XymUmMJY4yap0GHzG14UwP
 YDoMtDDLPMfKBw9s2CqAUt36QRdOAldXVXzQIJE3rbwypPAplTqE4hUMMLpq3hY863+k
 gmZ4oCqWBuTfGXNljB1KVGAKOgLRYuyoi5o59wH4JdNV1vrDszEFqJzirjGDd8THHhFV
 4oX14Mzhxj8xPZAncdzWTlV/Qx3kueCnLoipb7DeGPdB82BDDRKGj8PtDroYEP4YkbsI
 fI1g==
X-Gm-Message-State: ALyK8tI1edRxCWmWaQM/5yPIV+wuxYhv6tIvIu+u9/OK8uK0Ft4Gx0b4gpjyH/67DlGUsw==
X-Received: by 10.13.245.194 with SMTP id e185mr6240300ywf.306.1465767248397; 
 Sun, 12 Jun 2016 14:34:08 -0700 (PDT)
Received: from puppy.gmail.com (125.sub-70-192-38.myvzw.com. [70.192.38.125])
 by smtp.gmail.com with ESMTPSA id
 b123sm10034869ywe.4.2016.06.12.14.34.06 for <bug-gnu-emacs@HIDDEN>
 (version=TLSv1/SSLv3 cipher=OTHER);
 Sun, 12 Jun 2016 14:34:07 -0700 (PDT)
From: flitterio@HIDDEN (Francis Litterio)
To: bug-gnu-emacs@HIDDEN
Subject: 25.1.50;
 open-tls-stream creates malformed gnutls-cli command if trusted cert
 files don't exist
Date: Sun, 12 Jun 2016 17:32:56 -0400
Message-ID: <87y46ahz23.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -4.0 (----)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -4.0 (----)


Using Emacs built from the latest mainline source on Windows 7 (with all up=
dates applied),
I see this problem:

1. Launch Emacs using: emacs.exe -Q

2. Evaluate this form in buffer *scratch*:

   (progn
     (require 'tls)
     (open-tls-stream "foo" nil "irc.oftc.net" 6697))

After the connection is established, buffer *Messages* shows two failed con=
nection
attempts using gnutls-cli, followed by a successful connection using openss=
l:

  Opening TLS connection to =91irc.oftc.net=92...
  Opening TLS connection with =91gnutls-cli --x509cafile nil -p 6697 irc.of=
tc.net=92...failed
  Opening TLS connection with =91gnutls-cli --x509cafile nil -p 6697 irc.of=
tc.net --protocols ssl3=92...failed
  Opening TLS connection with =91openssl s_client -connect irc.oftc.net:669=
7 -no_ssl2 -ign_eof=92...done
  Opening TLS connection to =91irc.oftc.net=92...done

Notice switch "--x509cafile nil" passed to gnutls-cli, which cause it to fa=
il both times.

The root cause has to do with variable tls-program, which has this value:

  ("gnutls-cli --x509cafile %t -p %p %h"
   "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
   "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")

The docstring for tls-program says that %t is replaced "with a file name co=
ntaining
trusted certificates".  The names of trusted certificate files come from va=
riable
gnutls-trustfiles, which has this value:

  ("/etc/ssl/certs/ca-certificates.crt"
   "/etc/pki/tls/certs/ca-bundle.crt"
   "/etc/ssl/ca-bundle.pem"
   "/usr/ssl/certs/ca-bundle.crt"
   "/usr/local/share/certs/ca-root-nss.crt")

The docstring for gnutlsw-trustfiles says:

  The files may not exist, in which case they will be ignored.

These files do not exist on my Windows system, but the %t in the strings li=
sted in
variable tls-program is replaced by "nil", which creates a malformed gnutls=
-cli command.

I can work around the problem by setting variable tls-program to this list,=
 which is the
above list without the "--x509cafile %t" in the gnutls-cli commands:

  ("gnutls-cli -p %p %h"
   "gnutls-cli -p %p %h --protocols ssl3"
   "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")

If the no trusted cert file is available, the gnutls-cli command needs to b=
e constructed
more intelligently, so as not to create a malformed command.  This problem =
seems to be
localized in this code in function open-tls-stream in lisp/net/tls.el:

    (with-current-buffer buffer
      (message "Opening TLS connection to `%s'..." host)
      (while (and (not done) (setq cmd (pop cmds)))
        (let ((process-connection-type tls-process-connection-type)
              (formatted-cmd
               (format-spec
                cmd
                (format-spec-make
                 ?t (car (gnutls-trustfiles))
                 ?h host
                 ?p (if (integerp port)
                        (int-to-string port)
                      port)))))
          (message "Opening TLS connection with `%s'..." formatted-cmd)
          (setq process (start-process
                         name buffer shell-file-name shell-command-switch
                         formatted-cmd))
--
Fran Litterio



In GNU Emacs 25.1.50.1 (i686-pc-mingw32)
 of 2016-05-28 built on PUPPY
Repository revision: 549470fdf234acb4da7941e3bb9b28ed63a51876
Windowing system distributor 'Microsoft Corp.', version 6.1.7601
Recent messages:
Saving file c:/franl/zzz-emacs-bug-open-tls-stream.el...
Wrote c:/franl/zzz-emacs-bug-open-tls-stream.el
Saving file c:/franl/zzz-emacs-bug-open-tls-stream.el...
Wrote c:/franl/zzz-emacs-bug-open-tls-stream.el
Saving file c:/franl/zzz-emacs-bug-open-tls-stream.el...
Wrote c:/franl/zzz-emacs-bug-open-tls-stream.el
Mark set
Mark saved where search started
Mark set [2 times]
Type "q" to delete help window.

Configured using:
 'configure --prefix=3D/c/apps/emacs --without-x --without-xpm
 --without-png --without-jpeg --without-tiff --without-gif'

Configured features:
SOUND NOTIFY ACL TOOLKIT_SCROLL_BARS

Important settings:
  value of $LANG: C.ISO-8859-1
  locale-coding-system: cp1252

Major mode: Emacs-Lisp

Minor modes in effect:
  erc-list-mode: t
  erc-menu-mode: t
  erc-ring-mode: t
  erc-networks-mode: t
  erc-pcomplete-mode: t
  erc-track-mode: t
  erc-track-minor-mode: t
  erc-match-mode: t
  erc-button-mode: t
  erc-fill-mode: t
  erc-netsplit-mode: t
  erc-irccontrols-mode: t
  erc-noncommands-mode: t
  erc-move-to-prompt-mode: t
  erc-readonly-mode: t
  diff-auto-refine-mode: t
  show-paren-mode: t
  save-place-mode: t
  icomplete-mode: t
  savehist-mode: t
  shell-dirtrack-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  file-name-shadow-mode: t
  font-lock-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t
  abbrev-mode: t

Load-path shadows:
None found.

Features:
(shadow mail-extr emacsbug skeleton gud mm-archive url-http url-gw
url-cache url-auth url url-proxy url-privacy url-expand url-methods
url-history url-cookie url-domsuf url-util jka-compr face-remap tabify
imenu edmacro kmacro eieio-opt speedbar sb-image ezimage dframe
find-func help-fns rect vc-git misearch multi-isearch server sort
gnus-draft gnus-agent gnus-srvr nnvirtual nndraft nnmh gnus-msg
gnus-cite canlock gnus-async gnus-score score-mode gnus-art mm-uu
mml2015 mm-view mml-smime smime dig mailcap gnus-cache gnus-sum fpl-moo
fpl-react cl erc-sasl erc-notify erc-truncate erc-log erc-dcc erc-list
erc-menu erc-join erc-ring erc-networks erc-pcomplete erc-track
erc-match erc-button erc-fill erc-stamp erc-netsplit erc-goodies erc
erc-backend erc-compat thingatpt source-safe ediff-merg ediff-wind
ediff-diff ediff-mult ediff-help ediff-init ediff-util ediff grep
sh-script smie executable python tramp-sh json map ielm pp sgml-mode
csharp-mode cc-langs smtpmail sendmail nntp gnus-group gnus-undo
gnus-start gnus-cloud nnimap nnmail mail-source utf7 netrc parse-time
gnus-spec gnus-int gnus-range message rfc822 mml mml-sec epa derived epg
mm-decode mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils
mailheader gnus-win nnoo gnus nnheader subr-x gnus-util rmail
rmail-loaddefs rfc2047 rfc2045 ietf-drums mail-utils mm-util mail-prsvr
wid-edit etags vc vc-dispatcher dired-aux hexl smerge-mode diff-mode
easy-mmode paren man info compile apropos tramp tramp-compat
tramp-loaddefs trampver ucs-normalize format-spec advice saveplace
icomplete xref project savehist browse-url shell pcomplete warnings
arc-mode archive-mode ange-ftp socks network-stream puny nsm starttls
tls gnutls dired dired-loaddefs cc-mode cc-fonts cc-guess cc-menus
cc-cmds cc-styles cc-align cc-engine cc-vars cc-defs comint ansi-color
ring calc-ext calc calc-loaddefs calc-macs time-stamp finder-inf package
epg-config url-handlers url-parse auth-source cl-seq eieio eieio-core
cl-macs eieio-loaddefs password-cache url-vars seq byte-opt gv bytecomp
byte-compile cl-extra help-mode easymenu cconv cl-loaddefs pcase cl-lib
time-date mule-util tooltip eldoc electric uniquify ediff-hook vc-hooks
lisp-float-type mwheel dos-w32 ls-lisp disp-table term/w32-win w32-win
w32-vars term/common-win tool-bar dnd fontset image regexp-opt fringe
tabulated-list newcomment elisp-mode lisp-mode prog-mode register page
menu-bar rfn-eshadow timer select scroll-bar mouse jit-lock font-lock
syntax facemenu font-core term/tty-colors frame cl-generic cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european
ethiopic indian cyrillic chinese charscript case-table epa-hook
jka-cmpr-hook help simple abbrev obarray minibuffer cl-preloaded nadvice
loaddefs button faces cus-face macroexp files text-properties overlay
sha1 md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote w32notify w32 multi-tty
make-network-process emacs)

Memory information:
((conses 8 524945 95746)
 (symbols 32 46666 0)
 (miscs 32 274 2594)
 (strings 16 105202 34595)
 (string-bytes 1 3339203)
 (vectors 8 72445)
 (vector-slots 4 1840040 248756)
 (floats 8 547 954)
 (intervals 28 15501 2890)
 (buffers 528 53))




Acknowledgement sent to flitterio@HIDDEN (Francis Litterio):
New bug report received and forwarded. Copy sent to bug-gnu-emacs@HIDDEN. Full text available.
Report forwarded to bug-gnu-emacs@HIDDEN:
bug#23759; Package emacs. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Tue, 5 Jul 2016 18:00:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.