Re: open-{gnutls,network}-stream backwards compatibility

[Robert Pluim <rpluim@gmail.com>]

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Robert Pluim <rpluim@gmail.com>
>> Cc: emacs-devel@gnu.org
>> Date: Wed, 02 Jan 2019 19:56:25 +0100
>> 
>> >   change open-network-stream such that not specifying
>> >   :client-certificate is the same as specifying t
>> >
>> > Doesn't this mean an incompatible change in behavior?
>> 
>> For what I think is a tiny (perhaps non-existent) minority of Emacs
>> users.
>
> We have no reliable way of estimating the number of affected users.
> Besides, even if there's only a single user affected, it requires us
> to consider this an incompatible change, which should be avoided if
> possible.
>

OK. We can check back in a year to see how many people have changed
the configuration variable below from the default.

>
>> My follow-on to that fix would be to assume that not specifying
>> :client-certificate at all when calling open-network-stream is the
>> same as specifying ':client certificate t'. Only people with existing
>> client certificate entries in their auth-source provider (such as
>> .authinfo) would see a change in behaviour.
>
> It's still a change.  At the very least, we should provide a way to
> have the old behavior back.
>

See below

>> If that last change is unacceptable, Iʼd want to change all the
>> callers of open-network-stream inside Emacs to specify
>> ':client-certificate t'. People using built-in Emacs packages would
>> then be able to use client certificates by changing configuration data
>> only. People using packages developed outside Emacs would need to
>> update those external packages to versions which specify
>> ':client-certificate t', which is what Iʼd like to avoid.
>> 
>> Short version: we assume a username/password entry in auth-source for
>> a specific server means 'use this username/password', so we should do
>> the same for a client-certificate specification.
>
> I don't necessarily disagree, provided that we give users who
> want/need that a way to get back the old behavior.  Maybe I'm
> misunderstanding, but it sounds like both of your alternatives are
> backward-incompatible, so they both need such a "fire escape".

How about:

(defcustom network-stream-use-client-certificates
"Whether to use client certificates for network connections.

If set to the default value t, `open-network-stream' will
automatically look for matching client certificates (via
'auth-source') for a destination server, but only if it is called
without a :client-certificate keyword.

Set to nil to disable this lookup globally.  To disable on a
per-connection basis specify ':client-certificate nil' when
calling `open-network-stream'.

        :type '(choice (const t :tag "Always")
        (const nil :tag "Never")))

(Now to find which custom group this goes in...)

Robert