From: Robert Pluim
Newsgroups: gmane.emacs.devel
Subject: Re: master 91c732f: Always check for client-certificates
Date: Sun, 17 Nov 2019 21:32:48 +0100
References: <20191105084339.26687.81756@vcs0.savannah.gnu.org> <20191105084341.1496620A3C@vcs0.savannah.gnu.org>
To: Dmitry Alexandrov <321942@gmail.com>
Cc: emacs-devel@gnu.org
In-Reply-To: (Dmitry Alexandrov's message of "Sat, 16 Nov 2019 10:07:52 +0300")
Xref: news.gmane.org gmane.emacs.devel:242326

>>>>> On Sat, 16 Nov 2019 10:07:52 +0300, Dmitry Alexandrov <321942@gmail.com> said:

    Dmitry> From userʼs point of view it means: M-x eww RET https://gnu.org or M-x
    Dmitry> list-packages or something else equally anonymous by nature may
    Dmitry> eventually request a passphrase to decrypt private GPG key (that one,
    Dmitry> which was used to encrypt ~/.authinfo.gpg), and fail if request is
    Dmitry> rejected.

If the user already trusts Emacs with access to .authinfo.gpg, then
nothing new is happening. If they donʼt, then they should customize
'auth-sources'. If they specifically want to prevent Emacs from
performing decryption for network access, then they can customize
'network-stream-use-client-certificates'.

We can of course discuss the default value, but nobody objected during
the development of the feature.

The failure when access is refused is a bug. How does the following
work for you:

commit 41e31c45519b0df6846e73557fba718f1ee29394
Author:     Robert Pluim
AuthorDate: Sun Nov 17 21:21:48 2019 +0100
Commit:     Robert Pluim
CommitDate: Sun Nov 17 21:25:22 2019 +0100

    Handle auth-source-search failures in open-network-stream

    If the user cancels the gpg decryption pop-up, auth-source-search
    fails *and* epa pops up an error buffer. Fix epa to allow suppressing
    that, and ignore errors returned from auth-source-search.

    * lisp/epa.el (epa-suppress-error-buffer): New defvar. Bind non-nil
    to stop epa popping up an error buffer.

    * lisp/net/network-stream.el: require epa when byte-compiling.
(network-stream-certificate): ignore errors when calling auth-source-search, and suppress the epa error buffer. diff --git a/lisp/epa.el b/lisp/epa.el index a2be9a3dbd..13708d046d 100644 --- a/lisp/epa.el +++ b/lisp/epa.el @@ -179,6 +179,7 @@ epa-key (defvar epa-list-keys-arguments nil) (defvar epa-info-buffer nil) (defvar epa-error-buffer nil) +(defvar epa-suppress-error-buffer nil) (defvar epa-last-coding-system-specified nil) =20 (defvar epa-key-list-mode-map @@ -578,7 +579,8 @@ epa-display-info (message "%s" info))) =20 (defun epa-display-error (context) - (unless (equal (epg-context-error-output context) "") + (unless (or (equal (epg-context-error-output context) "") + epa-suppress-error-buffer) (let ((buffer (get-buffer-create "*Error*"))) (save-selected-window (unless (and epa-error-buffer (buffer-live-p epa-error-buffer)) diff --git a/lisp/net/network-stream.el b/lisp/net/network-stream.el index 1571c76189..4c6056e0c8 100644 --- a/lisp/net/network-stream.el +++ b/lisp/net/network-stream.el @@ -46,6 +46,9 @@ (require 'nsm) (require 'puny) =20 +(eval-when-compile + (require 'epa)) ; for epa-suppress-error-buffer + (declare-function starttls-available-p "starttls" ()) (declare-function starttls-negotiate "starttls" (process)) (declare-function starttls-open-stream "starttls" (name buffer host port)) @@ -225,10 +228,12 @@ network-stream-certificate ;; Either nil or a list with a key/certificate pair. spec) ((eq spec t) - (let* ((auth-info - (car (auth-source-search :max 1 - :host host - :port service))) + (let* ((epa-suppress-error-buffer t) + (auth-info + (ignore-errors + (car (auth-source-search :max 1 + :host host + :port service)))) (key (plist-get auth-info :key)) (cert (plist-get auth-info :cert))) (and key cert (file-readable-p key) (file-readable-p cert)
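Review bot: the new `(defvar epa-suppress-error-buffer nil)` in the first epa.el hunk has no docstring, and since its whole purpose is to be let-bound from other files (network-stream.el does exactly that further down), that contract should be written into the definition. Suggest `(defvar epa-suppress-error-buffer nil "Non-nil means `epa-display-error' does not pop up the *Error* buffer. Intended to be let-bound around calls that may signal epg errors.")` so a later reader of epa.el knows why the variable exists and who is expected to set it.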
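Review bot: in the `epa-display-error` hunk, a non-nil `epa-suppress-error-buffer` makes the function drop `(epg-context-error-output context)` entirely, so the gpg diagnostic (why decryption failed, which key was involved) is lost rather than merely kept out of the user's face. Suggest keeping it reachable when suppressed, for example `(message "%s" (epg-context-error-output context))` in the suppressed branch, so that someone debugging a failed client-certificate lookup can still find the cause in *Messages*.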
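Review bot: `(eval-when-compile (require 'epa))` in the first network-stream.el hunk is heavier than the comment "for epa-suppress-error-buffer" suggests: it adds a compile-time dependency on epa, and when network-stream.el is loaded from source, `eval-when-compile` behaves like `progn` and loads epa.el at run time as well. The conventional way to tell both the byte-compiler and the interpreter that a variable defined elsewhere is dynamically bound is a bare top-level declaration, `(defvar epa-suppress-error-buffer)`, which makes the `let*` binding below special in this file without loading epa at all.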
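Review bot: `ignore-errors` around `auth-source-search` in the `network-stream-certificate` hunk swallows every `error`, not only the user declining the gpg passphrase prompt, and with `epa-suppress-error-buffer` bound to t the function then returns nil with no trace at all; a corrupt `~/.authinfo.gpg`, an unreadable key file or a misconfigured auth-source backend silently becomes a TLS connection made without the client certificate. Suggest a `condition-case` that reports before returning nil, e.g. `(condition-case err (car (auth-source-search :max 1 :host host :port service)) (error (message "Client certificate lookup failed: %s" (error-message-string err)) nil))`, so the downgrade is visible to the user and recorded in *Messages*. Note also that `quit` (C-g at the prompt) is not an `error` condition and still propagates through `ignore-errors`, which may be intended but is worth stating in the commit message since it says errors from the lookup are ignored.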