Work around gnutls failures

* net/network-stream.el (network-stream-open-starttls): If gnutls
negotiation fails, then possibly try again with a non-encrypted
connection.

Fixes: debbugs:9017

2 files changed, 14 insertions, 2 deletions

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 282035af2b9..9d80cd12ff7 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,5 +1,9 @@
 2011-07-07  Lars Magne Ingebrigtsen  <larsi@gnus.org>
 
+        * net/network-stream.el (network-stream-open-starttls): If gnutls
+        negotiation fails, then possibly try again with a non-encrypted
+        connection (bug#9017).
+
         * mail/smtpmail.el (smtpmail-stream-type): Note that `plain' can
         be used.
 
diff --git a/lisp/net/network-stream.el b/lisp/net/network-stream.el
index 038794e117d..bb09d8945c9 100644
--- a/lisp/net/network-stream.el
+++ b/lisp/net/network-stream.el
@@ -263,8 +263,16 @@ functionality.
         ;; The server said it was OK to begin STARTTLS negotiations.
         (if builtin-starttls
             (let ((cert (network-stream-certificate host service parameters)))
-              (gnutls-negotiate :process stream :hostname host
-                                :keylist (and cert (list cert))))
+              (condition-case nil
+                  (gnutls-negotiate :process stream :hostname host
+                                    :keylist (and cert (list cert)))
+                ;; If we get a gnutls-specific error (for instance if
+                ;; the certificate the server gives us is completely
+                ;; syntactically invalid), then close the connection
+                ;; and possibly (further down) try to create a
+                ;; non-encrypted connection.
+                (gnutls-error
+                 (delete-process stream))))
           (unless (starttls-negotiate stream)
             (delete-process stream)))
         (if (memq (process-status stream) '(open run))