emacs-devel

Re: gnus/starttls.el and net/tls.el


From: Simon Josefsson
Subject: Re: gnus/starttls.el and net/tls.el
Date: Mon, 26 Nov 2007 16:28:56 +0100
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

Richard Stallman <address@hidden> writes:

>     I'm not sure I understand the reason though.  Is it to avoid having two
>     files?
>
> It is to avoid the code duplication.
>
>           If so, how about moving the code in starttls.el into tls.el?
>
> I don't exactly object, but I am not sure that is the best way.
>
>     Today, I don't think there is any reason, but I may be biased towards
>     favoring GnuTLS.  gnutls-cli didn't used to support starttls operations,
>     but it does today.  As far as I remember, 'starttls' doesn't verify
>     server certificates, so starttls may be considered insecure.
>
> It sounds like the thing to do is to reimplement the useful features
> of starttls.el in tls.el.

The problem is the different set of external dependencies:

 tls.el: use gnutls-cli (GnuTLS) or s_client (OpenSSL)
 starttls.el: use gnutls-cli (GnuTLS) or starttls

As far as I can tell, OpenSSL does not support the general starttls
behaviour, so we cannot switch to that tls.el and starttls.el both
support gnutls+openssl.  Depending on which mode you want to support
(direct tls or the starttls approach) the tls.el code needs to change
which tool it uses.  Merging the code paths will lead to a rather
complex code-path, which is tricky to code and debug.  It will likely
also lead to new or different user variables, which will break existing
users' configurations, which is another problem.

I'm afraid I don't have time to work on this now.  If someone else likes
to do it, I could try to help in discussions.

/Simon



