From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.devel Subject: Re: bug#14380: 24.3; `network-stream-open-tls' fails in some imap servers on w32 Date: Sun, 19 May 2013 19:05:22 -0400 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <87txly4ll9.fsf@lifelogs.com> References: <87k3mw79iv.fsf@lifelogs.com> <87zjvr64lt.fsf_-_@lifelogs.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-Trace: ger.gmane.org 1369004745 12095 80.91.229.3 (19 May 2013 23:05:45 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sun, 19 May 2013 23:05:45 +0000 (UTC) Cc: 14380@debbugs.gnu.org, Eli Zaretskii , emacs-devel@gnu.org To: =?iso-8859-1?Q?Jo=E3o_T=E1vora?= Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon May 20 01:05:42 2013 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1UeCfa-0000dE-OU for ged-emacs-devel@m.gmane.org; Mon, 20 May 2013 01:05:38 +0200 Original-Received: from localhost ([::1]:47889 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1UeCfa-0008Ea-7N for ged-emacs-devel@m.gmane.org; Sun, 19 May 2013 19:05:38 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:43140) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1UeCfS-0008DS-Uy for emacs-devel@gnu.org; Sun, 19 May 2013 19:05:35 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1UeCfO-0007GA-A6 for emacs-devel@gnu.org; Sun, 19 May 2013 19:05:30 -0400 Original-Received: from mail-yh0-x22d.google.com ([2607:f8b0:4002:c01::22d]:53770) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1UeCfO-0007G4-5q for emacs-devel@gnu.org; Sun, 19 May 2013 19:05:26 -0400 Original-Received: by mail-yh0-f45.google.com with SMTP id b20so1487408yha.18 for ; Sun, 19 May 2013 16:05:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifelogs.com; s=google; h=x-received:from:to:cc:subject:organization:references:x-face :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id :user-agent:mime-version:content-type:content-transfer-encoding; bh=I1kelOJDawq7wl+pJcsZt2sokS0GlPZGCm+czMHNRJo=; b=l7gyx4z/dtnXEpjUBV2EgN+kiUKVRRsNIrVS0fwc85e0wXmtovNbg8xxK+PfP1r/Ag IuBmsWbdWK2gU1TkqN6TDZCFl7a/F0qZPf6bQrkEnpwgnzeWKWH0ToAeWjDBK1zToqXN iBnjJZceVCFj8kaSZ8HOsmF1f1iZ6h6SbWU2E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:from:to:cc:subject:organization:references:x-face :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id :user-agent:mime-version:content-type:content-transfer-encoding :x-gm-message-state; bh=I1kelOJDawq7wl+pJcsZt2sokS0GlPZGCm+czMHNRJo=; b=b15R1GyGqOv0c+JGoQ0iR9QvBlvAVvj0U/QY7zx78/89EGwAx/dlZZNrN6XPumlWaC UrLgdnKtExhQIce0a21wDwQrCk/9q8evRnH7WHp5DQld9TL0a+gL4O11GKg19b7wVWQS Cy45aX6GOLI6HNQF8O+LZSJwldroaRewzTsQq8xmrRANq58J1C1hHvSSAmLxlhtVxaa2 9E5uYRsGKq9zjpRc5+QrsCplB10hl7c9BR9o3w+Dm1IvpX3vRyp1NQEHx8Un398RGNSY Ud+S3KsAOtTOSG9CkTbMBxEWUkbfj9TLpv++dPddmmsa7hxOuRNZt2Iz074VaKoVqzaH N4Yg== X-Received: by 10.236.25.165 with SMTP id z25mr32927395yhz.56.1369004725843; Sun, 19 May 2013 16:05:25 -0700 (PDT) Original-Received: from heechee (pool-72-93-26-80.bstnma.east.verizon.net. [72.93.26.80]) by mx.google.com with ESMTPSA id i21sm36089107yhl.15.2013.05.19.16.05.23 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Sun, 19 May 2013 16:05:24 -0700 (PDT) X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never Gmane-Reply-To-List: yes In-Reply-To: (=?iso-8859-1?Q?=22Jo=E3o_T=E1vora=22's?= message of "Sun, 19 May 2013 12:45:12 +0100") User-Agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux) X-Gm-Message-State: ALoCoQkIGyd0fe6+QpPEVC5Gekx24t8iYcK5kftv+N+1EGrV5gRmUV4tCMaiWyJI6Rlg5hUhVJcE X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2607:f8b0:4002:c01::22d X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:159678 Archived-At: On Sun, 19 May 2013 12:45:12 +0100 Jo=E3o T=E1vora w= rote:=20 JT> On Sun, May 19, 2013 at 4:17 AM, Ted Zlatanov wrote: >> Wouldn't you rather get GnuTLS to work by default? Otherwise we serve >> the use case "I have no secure transport, so let me use a hack by >> default." JT> I don't understand. What is the hack here? External binary for TLS? Using an external binary to transport SSL or TLS is a hack IMO. >> My proposal would be to push out the next Emacs bundled with the latest >> GnuTLS DLLs, only support GnuTLS, provide users with instructions on >> updating them, and treat GnuTLS vulnerabilities as Emacs >> vulnerabilities. This is not ideal but IMO better than the current >> situation. JT> ... but then you have all these headaches. It's a headache I'm willing to endure for the sake of Emacs users. The alternative, which Jo=E3o is enduring now, is to punt the problem. This is a question for the Emacs maintainers: do you agree with me on the above plan? It would mean changing the way Mac OS X and W32 Emacs builds are distributed, to include the GnuTLS libraries with the build, and we'd have to implement a way (perhaps through the ELPA) to distribute updates to these libraries. JT> The fix I proposed aims for the status quo, that is: make external JT> TLS binary support slightly more robust. My test case is even smaller: JT> * W32 JT> * cygwin carrying the responsibility burden JT> * vanilla emacs working with tls/imap/gnus. Did you propose a patch? I would commit a patch but can't write it despite your great description of the problem. Ted