Set :use-starttls-if-possible so that we always use STARTTLS if the server supports it.

SMTP servers that support STARTTLS commonly require it.
2025-01-29 19:48:19 +00:00 · 2011-06-22 00:55:52 +02:00 · 2011-06-22 00:55:52 +02:00 · 6af7a7844e
commit 6af7a7844e
parent 7d36ad4669
3 changed files with 21 additions and 2 deletions
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@ -1,5 +1,14 @@
 2011-06-21  Lars Magne Ingebrigtsen  <larsi@gnus.org>

+	* mail/smtpmail.el (smtpmail-via-smtp): Set
+	:use-starttls-if-possible so that we always use STARTTLS if the
+	server supports it.  SMTP servers that support STARTTLS commonly
+	require it.
+
+	* net/network-stream.el (network-stream-open-starttls): Support
+	upgrading to STARTTLS always, even if we don't have built-in support.
+	(open-network-stream): Add the :always-query-capabilies keyword.
+
 	* mail/smtpmail.el: Rewritten to do opportunistic STARTTLS
 	upgrades with `open-network-stream', and rely solely on
 	auth-source for all credentials.  Big changes throughout the file,
--- a/lisp/mail/smtpmail.el
+++ b/lisp/mail/smtpmail.el
@ -627,7 +627,8 @@ The list is in preference order.")
 		 (lambda (capabilities)
 		   (and (string-match "-STARTTLS" capabilities)
 			"STARTTLS\r\n"))
-		 :client-certificate t))
+		 :client-certificate t
+		 :use-starttls-if-possible t))

 	  ;; If we couldn't access the server at all, we give up.
 	  (unless (setq process (car result))
--- a/lisp/net/network-stream.el
+++ b/lisp/net/network-stream.el
@ -120,6 +120,10 @@ values:
  certificate.  This parameter will only be used when doing TLS
  or STARTTLS connections.

+If :use-starttls-if-possible is non-nil, do opportunistic
+STARTTLS upgrades even if Emacs doesn't have built-in TLS
+functionality.
+
 :nowait is a boolean that says the connection should be made
  asynchronously, if possible."
  (unless (featurep 'make-network-process)
@ -208,7 +212,8 @@ values:
    ;; If we have built-in STARTTLS support, try to upgrade the
    ;; connection.
    (when (and (or (fboundp 'open-gnutls-stream)
-		   (and require-tls
+		   (and (or require-tls
+			    (plist-get parameters :use-starttls-if-possible))
 			(executable-find "gnutls-cli")))
 	       capabilities success-string starttls-function
 	       (setq starttls-command
@ -236,6 +241,10 @@ values:
 			 starttls-extra-arguments)))
 	  (setq stream (starttls-open-stream name buffer host service)))
 	(network-stream-get-response stream start eoc))
+      ;; Requery capabilities for protocols that require it; i.e.,
+      ;; EHLO for SMTP.
+      (when (plist-get parameters :always-query-capabilities)
+	(network-stream-command stream capability-command eoc))
      (when (string-match success-string
 			  (network-stream-command stream starttls-command eoc))
 	;; The server said it was OK to begin STARTTLS negotiations.