From aecb42aa494ca9edb75bb700a807bd9eeed82dca Mon Sep 17 00:00:00 2001
From: Lars Magne Ingebrigtsen
Date: Fri, 1 Oct 2010 12:56:44 +0000
Subject: [PATCH] Give up on using gnutls-cli for starttls.
---
 lisp/ChangeLog | 7 +++++++
 lisp/gnus/ChangeLog | 5 +++++
 lisp/gnus/nnimap.el | 6 +++++-
 lisp/net/tls.el | 7 +++----
 4 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index fb364f9651..235aec2f47 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,10 @@
+2010-10-01 Lars Magne Ingebrigtsen
+
+ * net/tls.el (tls-starttls-switches): Give up on using starttls with
+ gnutls-cli.
+ (tls-program): Add --insecure to be consistent with the defaults from
+ openssl s_client. Now all three commands are insecure.
+
 2010-10-01 Eli Zaretskii

 * makefile.w32-in (DEST, TAGS, TAGS-LISP, TAGS-nmake)
diff --git a/lisp/gnus/ChangeLog b/lisp/gnus/ChangeLog
index 32b6716c97..4737a41454 100644
--- a/lisp/gnus/ChangeLog
+++ b/lisp/gnus/ChangeLog
@@ -1,3 +1,8 @@
+2010-10-01 Lars Magne Ingebrigtsen
+
+ * nnimap.el (nnimap-extend-tls-programs): Only extend those programs
+ for starttls that tls.el implements; i.e. openssl.
+
 2010-10-01 Katsumi Yamaoka

 * gravatar.el: Don't load image.el that XEmacs doesn't provide.
diff --git a/lisp/gnus/nnimap.el b/lisp/gnus/nnimap.el
index 4d26cdb637..70aa573525 100644
--- a/lisp/gnus/nnimap.el
+++ b/lisp/gnus/nnimap.el
@@ -404,7 +404,11 @@ textual parts.")
 (unless (consp programs)
 (setq programs (list programs)))
 (dolist (program programs)
- (push (concat program " " "%s") result))
+ (when (assoc (car (split-string program)) tls-starttls-switches)
+ (push (if (not (string-match "%s" program))
+ (concat program " " "%s")
+ program)
+ result)))
 (nreverse result)))

 (defun nnimap-find-parameter (parameter elems)
diff --git a/lisp/net/tls.el b/lisp/net/tls.el
index ad0768968e..daa1c18c8b 100644
--- a/lisp/net/tls.el
+++ b/lisp/net/tls.el
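Review bot: In the lisp/gnus/nnimap.el hunk the new filter compares `(car (split-string program))` with the keys of `tls-starttls-switches`, so a `tls-program` entry that names the binary with a directory (constructed example: `/usr/bin/openssl s_client %s -connect %h:%p`) no longer matches the key `"openssl"` and is dropped without notice; comparing `(file-name-nondirectory (car (split-string program)))` would keep it. When no entry survives the filter, for instance when `tls-program` has been customized to gnutls-cli commands only, the function now returns nil. The caller is outside this hunk, so it is worth confirming that it signals an error in that case rather than carrying on without STARTTLS. The function's opening lines are also outside the hunk; if it has no docstring, one sentence saying that only programs listed in `tls-starttls-switches` are returned, each with a `%s` slot, would document the new filtering.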
@@ -76,12 +76,11 @@ and `gnutls-cli' (version 2.0.1) output."
 :group 'tls)

 (defvar tls-starttls-switches
- '(("gnutls-cli" "-s")
- ("openssl" "-starttls imap"))
+ '(("openssl" "-starttls imap"))
 "Alist of programs and the switches necessary to get starttls behaviour.")

-(defcustom tls-program '("gnutls-cli %s -p %p %h"
- "gnutls-cli %s -p %p %h --protocols ssl3"
+(defcustom tls-program '("gnutls-cli --insecure -p %p %h"
+ "gnutls-cli --insecure -p %p %h --protocols ssl3"
 "openssl s_client %s -connect %h:%p -no_ssl2 -ign_eof")
 "List of strings containing commands to start TLS stream to a host.
 Each entry in the list is tried until a connection is successful.
--
2.20.1
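Review bot: The two default gnutls-cli entries of `tls-program` now carry `--insecure`, which lets gnutls-cli continue when the server certificate cannot be verified, so none of the three default commands stops a connection to a host presenting an untrusted or mismatched certificate; the ChangeLog entry in this commit says as much. Consistency would be safer in the other direction: keep the gnutls-cli defaults without the switch, `'("gnutls-cli -p %p %h"`, and leave `--insecure` as something a user opts into. If the switch stays, the docstring should state the consequence, for example `The default commands do not abort when certificate verification fails; remove --insecure and give gnutls-cli a trusted CA file to have unverified servers rejected.` The docstring of `tls-program` continues outside the hunk, so whether it already carries such a warning cannot be seen here.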