bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cl

From: Konstantin Kliakhandler
Subject: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
Date: Sat, 2 Jul 2016 10:09:50 +0300
Hello,

First, I apologize for the double posting - I realize that I sent the previous message with a messed up subject and this caused it not to be grouped with the rest of the messages in this bug, and to not appear in the tracker. I hope this second one will work now.

I am using emacs on OSX 10.12 from https://emacsformacosx.com/builds

(emacs-version)
"GNU Emacs 25.1.50.1 (x86_64-apple-darwin13.4.0, NS appkit-1265.21 Version 10.9.5 (Build 13F1603))
 of 2016-05-30"

And experience the same problem when running emacs -Q. Furthermore, I diagnosed the cause to be incorrect building of formatted-cmd in open-tls-stream from the given arguments. Attached is a patch that fixes the problem on my end. To make the patch smaller, I did not reindent the whole function - I hope this is alright. 

Finally, I'd like to reply to:
 
Fran <flitterio <at> gmail.com> writes:
> If Cygwin is installed, open-tls-stream works, because gnutls-cli and openssl
> are available. It has worked for some time. I routinely use this feature to
> enable ERC to connect to servers using TLS using function erc-tls.
 
At some point, tls.el will be deprecated. Why aren't you just using
Emacs with the built-in TLS support?

In my honest opinion, a feature is either deprecated or not, and while it is not yet deprecated, bugs should not be ignored. I hope you would agree at least to the point of testing the patch and incorporating it if it works well :-)

Fuller description of the problem and the fix:

The problem: `open-tls-stream' replaces %t with exactly one element, which is nil if none of gnutls-trustfiles is readable, and the first element of gnutls-trustfiles is more than one is readable.
The Solution: In the patch I make the test iterate on all the trustfiles as a user might have more than one relevant. In addition, I made the default setting for tls-program have entries that do not explicitly specify the trustfile.

One thing to note here perhaps, is that if (gnutls-trustfiles) returns an empty list and one has the %t substitution in one of the tls-program entries, then that entry will not be run at all. I feel that this is reasonable since by setting --x509cafile nil one makes gnutls-cli fail anyway. 

Finally, I'm experiencing the above behavior, as far as I can tell, by default in e.g. erc-tls. What is the proper way to move to the built in TLS? Is it likely to be something in my config or in the implementation of ERC?

Thanks,
Kosta

Attachment: 0001-tls-Make-open-tls-stream-try-all-gnutls-trustfiles-a.patch
Description: Binary data

reply via email to
[Prev in Thread] Current Thread [Next in Thread]