Work around gnutls failures

* net/network-stream.el (network-stream-open-starttls): If gnutls
negotiation fails, then possibly try again with a non-encrypted
connection.

Fixes: debbugs:9017

2 files changed, 14 insertions, 2 deletions

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 282035af2b9..9d80cd12ff7 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,5 +1,9 @@
 2011-07-07  Lars Magne Ingebrigtsen  <larsi@gnus.org>
 
+	* net/network-stream.el (network-stream-open-starttls): If gnutls
+	negotiation fails, then possibly try again with a non-encrypted
+	connection (bug#9017).
+
 	* mail/smtpmail.el (smtpmail-stream-type): Note that `plain' can
 	be used.
 
diff --git a/lisp/net/network-stream.el b/lisp/net/network-stream.el
index 038794e117d..bb09d8945c9 100644
--- a/lisp/net/network-stream.el
+++ b/lisp/net/network-stream.el
@@ -263,8 +263,16 @@ functionality.
 	;; The server said it was OK to begin STARTTLS negotiations.
 	(if builtin-starttls
 	    (let ((cert (network-stream-certificate host service parameters)))
-	      (gnutls-negotiate :process stream :hostname host
-				:keylist (and cert (list cert))))
+	      (condition-case nil
+		  (gnutls-negotiate :process stream :hostname host
+				    :keylist (and cert (list cert)))
+		;; If we get a gnutls-specific error (for instance if
+		;; the certificate the server gives us is completely
+		;; syntactically invalid), then close the connection
+		;; and possibly (further down) try to create a
+		;; non-encrypted connection.
+		(gnutls-error
+		 (delete-process stream))))
 	  (unless (starttls-negotiate stream)
 	    (delete-process stream)))
 	(if (memq (process-status stream) '(open run))