From: Ted Zlatanov
Newsgroups: gmane.emacs.bugs
Subject: bug#14380: 24.3; `network-stream-open-tls' fails in some imap servers on w32
Date: Sat, 18 May 2013 23:17:02 -0400
Message-ID: <87zjvr64lt.fsf_-___27816.1553120755$1368933473$gmane$org@lifelogs.com>
References: <87k3mw79iv.fsf@lifelogs.com>
To: João Távora, Eli Zaretskii
Cc: 14380@debbugs.gnu.org, emacs-devel@gnu.org

(CC to
emacs-devel as I think this discussion is relevant there)

On Sat, 18 May 2013 14:05:47 +0100 João Távora wrote:

JT> The point [is] that needing external libraries which are not always
JT> bundled doesn't make it very "builtin".

I'm not bringing GnuTLS into the Emacs source tree, which is the only
other way to make it built-in functionality.

I understand there are issues with external dependencies and in fact I
asked that we bundle the GnuTLS W32 DLLs with the W32 Emacs builds.
That led to a long discussion about how that makes security our
responsibility and how we then need to deal with GnuTLS updates, and I
didn't have a strong desire to become a W32 distribution expert since I
barely know that platform. No one else picked it up, and there we are
with "install it yourself" as the recommended way to get GnuTLS to work
on W32.

>> I've seen dozens of bugs related to "almost working" external TLS
>> binaries on all platforms.

JT> Yes, but have you looked closely at this particular one? The point is rather
JT> to increase robustness. That is, `open-tls-stream` could/should promise
JT> to cleanup the process buffer of its handshake garbage, so that future
JT> functions that use that resource don't see it and don't get confused by it.
JT> I'm assuming they don't need to see it, I might be wrong.

I'm not able to fix this bug or work on bugs in the external SSL/TLS
support.

JT> But if I'm right and that fix is performed then you've effectively extended
JT> "imap just works" the set of W32 emacs users who type "M-x gnus" on a
JT> vanilla emacs in a system with some cygwin installation in PATH. Maybe it's
JT> a small set but I'm in it (when I'm at work).

Wouldn't you rather get GnuTLS to work by default? Otherwise we serve
the use case "I have no secure transport, so let me use a hack by
default."

>> GnuTLS integration with Emacs. My vote is to require GnuTLS with Emacs
>> and to only support it, but there are some questions there, mainly for
>> W32 and Mac OS X: do we auto-update GnuTLS? What happens when the
>> GnuTLS we install conflicts with another system install? And so on...

JT> That's all fine, I guess. I vote for that too :-)

The big problem for me is that I don't have the time or platform
knowledge to write a GnuTLS auto-installer and updater for those two
problematic platforms. The GnuTLS developers don't want to provide this
service either. Who will be responsible for it? What happens when a
security vulnerability hits the DLLs we distribute with Emacs?

My proposal would be to push out the next Emacs bundled with the latest
GnuTLS DLLs, only support GnuTLS, provide users with instructions on
updating them, and treat GnuTLS vulnerabilities as Emacs
vulnerabilities. This is not ideal but IMO better than the current
situation.

Ted