From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Lars Magne Ingebrigtsen <larsi@gnus.org>
Newsgroups: gmane.emacs.devel
Subject: Opportunistic STARTTLS in smtpmail.el (was: Emacs RPC security)
Date: Mon, 02 May 2011 00:19:18 +0200
Organization: Programmerer Ingebrigtsen
Message-ID: <m3tyde83o9.fsf_-_@quimbies.gnus.org>
References: <m3ipu4u7bv.fsf@quimbies.gnus.org> <87d3kal0za.fsf@lifelogs.com>
	<jwvfwp6xmr0.fsf-monnier+emacs@gnu.org> <874o5mky4o.fsf@lifelogs.com>
	<m3oc3mb68s.fsf@quimbies.gnus.org> <m3bozm9j08.fsf@quimbies.gnus.org>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: dough.gmane.org 1304288386 29962 80.91.229.12 (1 May 2011 22:19:46 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Sun, 1 May 2011 22:19:46 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon May 02 00:19:42 2011
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1QGezN-0001bv-Hw
	for ged-emacs-devel@m.gmane.org; Mon, 02 May 2011 00:19:41 +0200
Original-Received: from localhost ([::1]:40474 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1QGezM-0001lN-Uj
	for ged-emacs-devel@m.gmane.org; Sun, 01 May 2011 18:19:40 -0400
Original-Received: from eggs.gnu.org ([140.186.70.92]:39826)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1QGezH-0001lI-SF
	for emacs-devel@gnu.org; Sun, 01 May 2011 18:19:38 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1QGezE-0006iP-2t
	for emacs-devel@gnu.org; Sun, 01 May 2011 18:19:35 -0400
Original-Received: from lo.gmane.org ([80.91.229.12]:46453)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1QGezD-0006iF-Kz
	for emacs-devel@gnu.org; Sun, 01 May 2011 18:19:32 -0400
Original-Received: from list by lo.gmane.org with local (Exim 4.69)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1QGezA-0001XP-7r
	for emacs-devel@gnu.org; Mon, 02 May 2011 00:19:28 +0200
Original-Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Mon, 02 May 2011 00:19:28 +0200
Original-Received: from larsi by cm-84.215.51.58.getinternet.no with local (Gmexim 0.1
	(Debian)) id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Mon, 02 May 2011 00:19:28 +0200
X-Injected-Via-Gmane: http://gmane.org/
Mail-Followup-To: emacs-devel@gnu.org
Original-Lines: 40
Original-X-Complaints-To: usenet@dough.gmane.org
X-Gmane-NNTP-Posting-Host: cm-84.215.51.58.getinternet.no
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAMFBMVEWEGSLu7ew0BRGPLjKZ
	e32onpxjCB2xr7VsDh7IxccDAAX////+//6Rj5aIUU7+/v1BjlU6AAAB8UlEQVQ4ja3SwWvaUBzA
	8UfdQXoYCC09BC8ZCyWHEZIhnsKGke7iRnEioTiGBSneCg2eBDEg7+RNhoSykkMov0Ohh1HkN8gf
	sJOghB3cxvS6gGcPWdKqe4oeBv1CcnifkAc/fgSnnItRs+gVzKInCIIZwcJ3Lzy5LfaLRs0b6oiX
	1kG9YxF8qHd0fnQx9EoeusmfeyNtCYj77+o13ehib7+fSCS4f5A8GRolrYh3XY/DgIH7DmaYPB5x
	mF2BnvGpU8PLfsnCixVwp0FiiobeOU/U1n81/yIIcCNEPTLcdtey5nA3WutkAQPff+vPm2h+bgk/
	7JgkAjiNFjjmZPcPA0SqhkDT5YaaSTEAMeUeNEpNhbJwKjVFQaBqPt6QVmFHhOsWjel5qigs3KQB
	bgRqqlJ7rI4YsH8DHDqtj0r8qfKyzgBUeKBOq0LjhDzJsSALIDu0chaCugKODWDzos2HsZfDFQ/L
	VkBYgJNiQQT6S3yAF/kqA2lxJxoW37TlU4WBQaYpS2oVDsOBmGN2upK5K2gyPJcahCgMDEg78+z1
	GzgLz6V4iwVT0Y5f2ZSnJCzHgJoyfSKWhXQspmYZmGTK7bEpy77yPuMXSkvYtiW92lqLvfr/FX0M
	cLfA173P3zaBq40n+kYofMhuBMQv3LbLLfwLN2nMwkzvJGgAAAAASUVORK5CYII=
Mail-Copies-To: never
X-Now-Playing: Art Ensemble of Chicago's _Live in Paris (1)_: "Oh,
	Strange (Part Two)"
User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux)
Cancel-Lock: sha1:j2okhkJBCwjVo/Z1s2+sEwWENHQ=
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-Received-From: 80.91.229.12
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: </archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:138948
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/138948>

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> Hm...  perhaps I should convert smtpmail.el to use opportunistic
> STARTTLS while I'm at it. 

Oh, now I remember why I didn't do the smtpmail.el `open-network-stream'
conversion the last time.

smtpmail.el provides an option to pass TLS credentials to the server via
switches like 

"--x509keyfile" "--x509certfile"

to gnutlc-cli.  `open-network-stream' has no concept of these things,
and I'm not sure gnutls.c has, either.  Ted?

If gnutls.c has, I can extend `open-network-stream' to take keywords for
the keyfile and the certfile, if that is the way we want to go.  Or
perhaps add a global variable like `smtpmail-starttls-credentials',

;;(setq smtpmail-starttls-credentials
;;      '(("YOUR SMTP HOST" 25 "~/.my_smtp_tls.key" "~/.my_smtp_tls.cert")))

but call it `network-tls-credentials', and have `open-network-stream'
deal with this stuff itself -- if it's doing a STARTTLS or a TLS
connection, is can consult the `network-tls-credential' variable, see if
it finds a match, and then feed the required data to
starttls.el/tls.el/gnutls.c.  (*Phew*.)

But I'm wondering -- does anybody use this credential stuff for talking
to their SMTP servers?

I'd rather just delete `smtpmail-starttls-credentials' and pretend that
I've never heard about it.

Opinions, please...

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/