bug#31457: 27.0.50; Move starttls.el and tls.el to lisp/obsolete/

bug#31457: 27.0.50; Move starttls.el and tls.el to lisp/obsolete/

[Noam Postavsky]

[-- Attachment #1: Type: text/plain, Size: 196 bytes --]

Tags: patch
Severity: minor

Use of an external program such as gnutls-cli instead of the builtin
libgnutls based functions is already de-facto obsolete: see bugs 15905,
23759, 27658, and 31339.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: patch --]
[-- Type: text/x-diff, Size: 5982 bytes --]

From e87446e3f1cdecbb270337fe158a702615b5ac54 Mon Sep 17 00:00:00 2001
From: Noam Postavsky <npostavs@gmail.com>
Date: Thu, 13 Jul 2017 08:52:39 -0400
Subject: [PATCH v1] Move tls.el and starttls.el to lisp/obsolete/

* lisp/obsolete/tls.el: Moved from lisp/net/tls.el.
* lisp/gnus/nnimap.el:
* lisp/url/url-http.el: Don't require tls, since it's obsolete.
* lisp/net/network-stream.el: Only require tls if we actually try to
use it (i.e., when (gnutls-available-p) returns nil).  Declare some
functions to fix compilation warnings.

* lisp/obsolete/starttls.el: Moved from lisp/net/starttls.el.
* lisp/net/sieve-manage.el:
* lisp/net/network-stream.el: Don't require `starttls' at the
top-level, declare the variables and functions used instead.
(network-stream-open-starttls): Only require `starttls' if
needed (i.e., gnutls-available-p fails).

* etc/NEWS: Announce obsoletion.
---
 etc/NEWS                           |  3 +++
 lisp/gnus/nnimap.el                |  1 -
 lisp/net/network-stream.el         | 22 ++++++++++++++++++----
 lisp/net/sieve-manage.el           |  1 -
 lisp/{net => obsolete}/starttls.el |  0
 lisp/{net => obsolete}/tls.el      |  0
 lisp/url/url-http.el               |  1 -
 7 files changed, 21 insertions(+), 7 deletions(-)
 rename lisp/{net => obsolete}/starttls.el (100%)
 rename lisp/{net => obsolete}/tls.el (100%)

diff --git a/etc/NEWS b/etc/NEWS
index 77ef3f3457..8193545d9f 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -419,6 +419,9 @@ or NextCloud hosted files and directories.
 ** The options.el library has been removed.
 It was obsolete since Emacs 22.1, replaced by customize.
 
+** The tls.el and starttls.el libraries are now marked obsolete.
+Use of builtin of function based on libgnutls is recommended instead.
+
 \f
 ** Message
 
diff --git a/lisp/gnus/nnimap.el b/lisp/gnus/nnimap.el
index dc51b5f0f0..3b39731927 100644
--- a/lisp/gnus/nnimap.el
+++ b/lisp/gnus/nnimap.el
@@ -36,7 +36,6 @@
 (require 'nnoo)
 (require 'netrc)
 (require 'utf7)
-(require 'tls)
 (require 'parse-time)
 (require 'nnmail)
 
diff --git a/lisp/net/network-stream.el b/lisp/net/network-stream.el
index 19e0c6421f..a0589e25a4 100644
--- a/lisp/net/network-stream.el
+++ b/lisp/net/network-stream.el
@@ -42,14 +42,20 @@
 
 ;;; Code:
 
-(require 'tls)
-(require 'starttls)
 (require 'auth-source)
 (require 'nsm)
 (require 'puny)
 
+(declare-function starttls-available-p "starttls" ())
+(declare-function starttls-negotiate "starttls" (process))
+
 (autoload 'gnutls-negotiate "gnutls")
 (autoload 'open-gnutls-stream "gnutls")
+(defvar starttls-extra-arguments)
+(defvar starttls-extra-args)
+(defvar starttls-use-gnutls)
+(defvar starttls-gnutls-program)
+(defvar starttls-program)
 
 ;;;###autoload
 (defun open-network-stream (name buffer host service &rest parameters)
@@ -255,7 +261,8 @@ network-stream-open-starttls
 		     (or (gnutls-available-p)
 			 (and (or require-tls
 				  (plist-get parameters :use-starttls-if-possible))
-			      (starttls-available-p))))
+			      (require 'starttls)
+                              (starttls-available-p))))
 	       (not (eq (plist-get parameters :type) 'plain)))
       ;; If using external STARTTLS, drop this connection and start
       ;; anew with `starttls-open-stream'.
@@ -336,7 +343,8 @@ network-stream-open-starttls
 	      ;; See `starttls-available-p'.  If this predicate
 	      ;; changes to allow running under Windows, the error
 	      ;; message below should be amended.
-	      (if (memq system-type '(windows-nt ms-dos))
+	      (if (or (memq system-type '(windows-nt ms-dos))
+                      (not (featurep 'starttls)))
 		  (concat "Emacs does not support TLS")
 		(concat "Emacs does not support TLS, and no external `"
 			(if starttls-use-gnutls
@@ -373,6 +381,8 @@ network-stream-get-response
 	(unless (= start (point))
 	  (buffer-substring start (point)))))))
 
+(declare-function open-tls-stream "tls" (name buffer host port))
+
 (defun network-stream-open-tls (name buffer host service parameters)
   (with-current-buffer buffer
     (let* ((start (point-max))
@@ -380,6 +390,7 @@ network-stream-open-tls
             (if (gnutls-available-p)
                 (open-gnutls-stream name buffer host service
                                     (plist-get parameters :nowait))
+              (require 'tls)
               (open-tls-stream name buffer host service)))
 	   (eoc (plist-get parameters :end-of-command)))
       (if (plist-get parameters :nowait)
@@ -406,6 +417,9 @@ network-stream-open-tls
                   (network-stream-command stream capability-command eo-capa)
                   'tls)))))))
 
+(declare-function format-spec "format-spec" (format spec))
+(declare-function format-spec-make "format-spec" (&rest pairs))
+
 (defun network-stream-open-shell (name buffer host service parameters)
   (require 'format-spec)
   (let* ((capability-command (plist-get parameters :capability-command))
diff --git a/lisp/net/sieve-manage.el b/lisp/net/sieve-manage.el
index cd40307238..8c70ae037a 100644
--- a/lisp/net/sieve-manage.el
+++ b/lisp/net/sieve-manage.el
@@ -77,7 +77,6 @@
 
 (eval-when-compile (require 'cl-lib))
 (require 'sasl)
-(require 'starttls)
 (autoload 'sasl-find-mechanism "sasl")
 (autoload 'auth-source-search "auth-source")
 
diff --git a/lisp/net/starttls.el b/lisp/obsolete/starttls.el
similarity index 100%
rename from lisp/net/starttls.el
rename to lisp/obsolete/starttls.el
diff --git a/lisp/net/tls.el b/lisp/obsolete/tls.el
similarity index 100%
rename from lisp/net/tls.el
rename to lisp/obsolete/tls.el
diff --git a/lisp/url/url-http.el b/lisp/url/url-http.el
index 0b95453b30..53798f77c3 100644
--- a/lisp/url/url-http.el
+++ b/lisp/url/url-http.el
@@ -1600,7 +1600,6 @@ url-http-options
 
 ;; HTTPS.  This used to be in url-https.el, but that file collides
 ;; with url-http.el on systems with 8-character file names.
-(require 'tls)
 
 (defconst url-https-asynchronous-p t "HTTPS retrievals are asynchronous.")
 
-- 
2.11.0

bug#31457: 27.0.50; Move starttls.el and tls.el to lisp/obsolete/

[Robert Pluim]

Noam Postavsky <npostavs@gmail.com> writes:

> Tags: patch
> Severity: minor
>
> Use of an external program such as gnutls-cli instead of the builtin
> libgnutls based functions is already de-facto obsolete: see bugs 15905,
> 23759, 27658, and 31339.

Cool. Do we want to remove sslv3 support from tls.el as well, or are
we not making any more changes to it now?

Robert

bug#31457: 27.0.50; Move starttls.el and tls.el to lisp/obsolete/

[Basil L. Contovounesios]

> From e87446e3f1cdecbb270337fe158a702615b5ac54 Mon Sep 17 00:00:00 2001
> From: Noam Postavsky <npostavs@gmail.com>
> Date: Thu, 13 Jul 2017 08:52:39 -0400
> Subject: [PATCH v1] Move tls.el and starttls.el to lisp/obsolete/
>
> diff --git a/etc/NEWS b/etc/NEWS
> index 77ef3f3457..8193545d9f 100644
> --- a/etc/NEWS
> +++ b/etc/NEWS
> @@ -419,6 +419,9 @@ or NextCloud hosted files and directories.
>  ** The options.el library has been removed.
>  It was obsolete since Emacs 22.1, replaced by customize.
>  
> +** The tls.el and starttls.el libraries are now marked obsolete.
> +Use of builtin of function based on libgnutls is recommended instead.
                 ^^^^

Typo?

-- 
Basil

bug#31457: 27.0.50; Move starttls.el and tls.el to lisp/obsolete/

[Eli Zaretskii]

> From: Robert Pluim <rpluim@gmail.com>
> Date: Tue, 15 May 2018 15:27:42 +0200
> Cc: 31457@debbugs.gnu.org
> 
> Cool. Do we want to remove sslv3 support from tls.el as well, or are
> we not making any more changes to it now?

I see no need to remove anything from a package that becomes obsolete.

bug#31457: 27.0.50; Move starttls.el and tls.el to lisp/obsolete/

[Eli Zaretskii]

> From: Noam Postavsky <npostavs@gmail.com>
> Date: Mon, 14 May 2018 20:03:12 -0400
> 
> Use of an external program such as gnutls-cli instead of the builtin
> libgnutls based functions is already de-facto obsolete: see bugs 15905,
> 23759, 27658, and 31339.

Fine with me (modulo the typo in NEWS), but please wait for a week or
so to give people who want to object time to do so.

Thanks.

bug#31457: 27.0.50; Move starttls.el and tls.el to lisp/obsolete/

[Noam Postavsky]

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Robert Pluim <rpluim@gmail.com>
>> Date: Tue, 15 May 2018 15:27:42 +0200
>> Cc: 31457@debbugs.gnu.org
>> 
>> Cool. Do we want to remove sslv3 support from tls.el as well, or are
>> we not making any more changes to it now?
>
> I see no need to remove anything from a package that becomes obsolete.

The sslv3 "support" is just the "gnutls-cli --x509cafile %t -p %p %h
--protocols ssl3" entry in the default value for tls-program, right?  I
think removing it wouldn't really be removing the feature as such, just
making the default "safer".  People who know what they are doing can
still customize with the appropriate value to get sslv3 if they want.

Hmm, and it looks like my version of gnutls-cli (3.5.8) doesn't even
support the --protocols switch anyway.

"Basil L. Contovounesios" <contovob@tcd.ie> writes:
>>  
>> +** The tls.el and starttls.el libraries are now marked obsolete.
>> +Use of builtin of function based on libgnutls is recommended instead.
>                  ^^^^
>
> Typo?

Oops.  Not sure what I was actually aiming for there.  I rewrote like
this:

** The tls.el and starttls.el libraries are now marked obsolete.
Use of builtin libgnutls based functionality (described in the Emacs
GnuTLS manual) is recommended instead.

bug#31457: 27.0.50; Move starttls.el and tls.el to lisp/obsolete/

[Andreas Schwab]

On Mai 15 2018, Noam Postavsky <npostavs@gmail.com> wrote:

> ** The tls.el and starttls.el libraries are now marked obsolete.
> Use of builtin libgnutls based functionality (described in the Emacs
> GnuTLS manual) is recommended instead.

I think it should be `built-in'.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

bug#31457: 27.0.50; Move starttls.el and tls.el to lisp/obsolete/

[Noam Postavsky]

tags 31457 fixed
close 31457 27.1
quit

Andreas Schwab <schwab@suse.de> writes:

> On Mai 15 2018, Noam Postavsky <npostavs@gmail.com> wrote:
>
>> ** The tls.el and starttls.el libraries are now marked obsolete.
>> Use of builtin libgnutls based functionality (described in the Emacs
>> GnuTLS manual) is recommended instead.
>
> I think it should be `built-in'.

Fixed and push to master.

[1: 97d5d1a1f4]: 2018-06-18 20:01:44 -0400
  Move tls.el and starttls.el to lisp/obsolete/ (Bug#31457)
  https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=97d5d1a1f4790f959d1bee64e552b492103eddbe