On Tue, 22 Mar 2011 16:14:08 -0500 Ted Zlatanov wrote:

TZ> On Tue, 22 Mar 2011 14:50:06 -0400 Stefan Monnier wrote:
SM> BTW, I had not noticed this part in gnutls.el, which seems like an
SM> error: why would you want it to be buffer-local? Gnutls is about
SM> processes, so binding this var to buffers makes no sense to me.
TZ> ...
SM> Now that I look at it, I don't understand what this gnutls-hostname
SM> variable is about. Why isn't it an additional keyword argument instead?
SM> It needs better documentation than the current "Remote hostname.".

After thinking about it some more, I realized that this need for
separating the hostname out was mostly my fantasy :)

I modified `gnutls-negotiate' to take a hostname and removed
`gnutls-hostname' everywhere. The hostname is now passed via :hostname
to `gnutls-boot'. So the caller is responsible for preserving the
hostname if he wants to call `gnutls-negotiate' but with
`open-gnutls-stream' everything Just Works.

>>> + (set (intern "gnutls-hostname") host))

SM> Yuck!!
SM> This should say "(setq gnutls-hostname host)": more efficient, more
SM> concise, more understandable (also for the compiler), ...

This is gone now.

I've added some new code to the patch and reformatted a few long lines,
too.

On Wed, 23 Mar 2011 09:42:11 +0100 Robert Pluim wrote:

RP> That doesn't work for me. Just to be clear, I connect to my imap server
RP> on port 993 with TLS, it's not a connection that gets upgraded after the
RP> fact, so I suspect proto-stream-open-tls needs to change.

I see. It was a bug in the original code, but in addition I reworked
things as mentioned above so Gnus will work properly now (tested).

The *Messages* warnings about failed certificates are a little annoying
so I set them to be issued only when `gnutls-log-level' is above 0 (off
by default). The HTTP users of the GnuTLS functionality will probably
want to set :verify-error and :verify-hostname-error instead of raising
`gnutls-log-level', but many IMAP users have self-signed certificates.
So I'm totally throwing that problem at the API users like
proto-stream.el :)

Thanks
Ted