unofficial mirror of emacs-devel@gnu.org 
From: Simon Josefsson <simon@josefsson.org>
To: rms@gnu.org
Cc: emacs-devel@gnu.org
Subject: Re: gnus/starttls.el and net/tls.el
Date: Mon, 26 Nov 2007 16:28:56 +0100
Message-ID: <87d4txdo07.fsf@mocca.josefsson.org>
In-Reply-To: <E1IsspB-0003WX-Gk@fencepost.gnu.org> (Richard Stallman's message of "Thu, 15 Nov 2007 23:29:01 -0500")

Richard Stallman <rms@gnu.org> writes:

>     I'm not sure I understand the reason though.  Is it to avoid having two
>     files?
>
> It is to avoid the code duplication.
>
> 	    If so, how about moving the code in starttls.el into tls.el?
>
> I don't exactly object, but I am not sure that is the best way.
>
>     Today, I don't think there is any reason, but I may be biased towards
>     favoring GnuTLS.  gnutls-cli didn't used to support starttls operations,
>     but it does today.  As far as I remember, 'starttls' doesn't verify
>     server certificates, so starttls may be considered insecure.
>
> It sounds like the thing to do is to reimplement the useful features
> of starttls.el in tls.el.

The problem is the different set of external dependencies:

 tls.el: use gnutls-cli (GnuTLS) or s_client (OpenSSL)
 starttls.el: use gnutls-cli (GnuTLS) or starttls

As far as I can tell, OpenSSL does not support the general starttls
behaviour, so we cannot switch to that tls.el and starttls.el both
support gnutls+openssl.  Depending on which mode you want to support
(direct tls or the starttls approach) the tls.el code needs to change
which tool it uses.  Merging the code paths will lead to a rather
complex code-path, which is tricky to code and debug.  It will likely
also lead to new or different user variables, which will break existing
users' configurations, which is another problem.

I'm afraid I don't have time to work on this now.  If someone else likes
to do it, I could try to help in discussions.

/Simon

Thread overview: 9+ messages
     [not found] <E1Ipflm-0004Yx-6I@fencepost.gnu.org>
2007-11-08 13:35 ` gnus/starttls.el and net/tls.el Simon Josefsson
2007-11-09 22:00   ` Richard Stallman
2007-11-15 14:20     ` Simon Josefsson
2007-11-16  4:29       ` Richard Stallman
2007-11-26 15:28         ` Simon Josefsson [this message]
2007-11-26 22:39           ` Richard Stallman
2007-11-28 13:44           ` Sascha Wilde
2007-11-29 11:34             ` Simon Josefsson
2007-11-29 12:08               ` Sascha Wilde
