
Re: master 91c732f: Always check for client-certificates


From: Robert Pluim
Subject: Re: master 91c732f: Always check for client-certificates
Date: Sun, 17 Nov 2019 21:32:48 +0100

>>>>> On Sat, 16 Nov 2019 10:07:52 +0300, Dmitry Alexandrov <address@hidden> 
>>>>> said:

    Dmitry> From the userʼs point of view it means: M-x eww RET https://gnu.org
    Dmitry> or M-x list-packages or something else equally anonymous by nature
    Dmitry> may eventually request a passphrase to decrypt the private GPG key
    Dmitry> (that one, which was used to encrypt ~/.authinfo.gpg), and fail if
    Dmitry> the request is rejected.

If the user already trusts Emacs with access to .authinfo.gpg, then
nothing new is happening. If they donʼt then they should customize
'auth-sources'.

If they specifically want to prevent Emacs performing decryption for
network access, then they can customize
'network-stream-use-client-certificates'. We can of course discuss the
default value, but nobody objected during the development of the
feature.

The failure when access is refused is a bug. How does the following
work for you:

commit 41e31c45519b0df6846e73557fba718f1ee29394
Author:     Robert Pluim <address@hidden>
AuthorDate: Sun Nov 17 21:21:48 2019 +0100
Commit:     Robert Pluim <address@hidden>
CommitDate: Sun Nov 17 21:25:22 2019 +0100

    Handle auth-source-search failures in open-network-stream
    
    If the user cancels the gpg decryption pop-up, auth-source-search
    fails *and* epa pops up an error buffer.  Fix epa to allow suppressing
    that, and ignore errors returned from auth-source-search.
    
    * lisp/epa.el (epa-suppress-error-buffer): New defvar.  Bind non-nil
    to stop epa popping up an error buffer.
    
    * lisp/net/network-stream.el: require epa when byte-compiling.
    (network-stream-certificate): ignore errors when calling
    auth-source-search, and suppress the epa error buffer.

diff --git a/lisp/epa.el b/lisp/epa.el
index a2be9a3dbd..13708d046d 100644
--- a/lisp/epa.el
+++ b/lisp/epa.el
@@ -179,6 +179,7 @@ epa-key
 (defvar epa-list-keys-arguments nil)
 (defvar epa-info-buffer nil)
 (defvar epa-error-buffer nil)
+(defvar epa-suppress-error-buffer nil)
 (defvar epa-last-coding-system-specified nil)
 
 (defvar epa-key-list-mode-map
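Review bot: `epa-suppress-error-buffer` is introduced with no docstring, yet the commit message says it exists to be let-bound by other libraries (network-stream.el binds it in this same patch), so its purpose is invisible at the definition site. Give it one, e.g. `(defvar epa-suppress-error-buffer nil "If non-nil, `epa-display-error' does not pop up the *Error* buffer. Meant to be dynamically bound by callers that handle the failure themselves.")`.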
@@ -578,7 +579,8 @@ epa-display-info
     (message "%s" info)))
 
 (defun epa-display-error (context)
-  (unless (equal (epg-context-error-output context) "")
+  (unless (or (equal (epg-context-error-output context) "")
+              epa-suppress-error-buffer)
     (let ((buffer (get-buffer-create "*Error*")))
       (save-selected-window
        (unless (and epa-error-buffer (buffer-live-p epa-error-buffer))
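Review bot: with `epa-suppress-error-buffer` non-nil the gpg error output from `(epg-context-error-output context)` is discarded entirely rather than merely kept out of the user's face, so a decryption that fails for a reason other than the user cancelling leaves no trace. Consider still recording it in the suppressed branch, e.g. `(message "%s" (epg-context-error-output context))`, so it ends up in *Messages* where someone debugging an auth-source problem can find it.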
diff --git a/lisp/net/network-stream.el b/lisp/net/network-stream.el
index 1571c76189..4c6056e0c8 100644
--- a/lisp/net/network-stream.el
+++ b/lisp/net/network-stream.el
@@ -46,6 +46,9 @@
 (require 'nsm)
 (require 'puny)
 
+(eval-when-compile
+  (require 'epa)) ; for epa-suppress-error-buffer
+
 (declare-function starttls-available-p "starttls" ())
 (declare-function starttls-negotiate "starttls" (process))
 (declare-function starttls-open-stream "starttls" (name buffer host port))
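Review bot: `(eval-when-compile (require 'epa))` only makes the byte-compiler treat `epa-suppress-error-buffer` as special while compiling this file; if network-stream.el is loaded uncompiled under lexical-binding before epa has been loaded in that session, the `let*` binding of `epa-suppress-error-buffer` in `network-stream-certificate` is a lexical binding that `epa-display-error` never sees, and the error buffer pops up anyway. The conventional idiom is a top-level `(defvar epa-suppress-error-buffer)` declaration, which marks the symbol special at load time as well as compile time, instead of (or alongside) the compile-time require.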
@@ -225,10 +228,12 @@ network-stream-certificate
       ;; Either nil or a list with a key/certificate pair.
       spec)
      ((eq spec t)
-      (let* ((auth-info
-             (car (auth-source-search :max 1
-                                      :host host
-                                      :port service)))
+      (let* ((epa-suppress-error-buffer t)
+             (auth-info
+              (ignore-errors
+                (car (auth-source-search :max 1
+                                         :host host
+                                         :port service))))
             (key (plist-get auth-info :key))
             (cert (plist-get auth-info :cert)))
        (and key cert (file-readable-p key) (file-readable-p cert)
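Review bot: `ignore-errors` around `auth-source-search` swallows every error, not only the cancelled-decryption case the commit message targets, so a malformed `auth-sources` entry or an unreadable gpg file now fails silently and the connection quietly proceeds without a client certificate. Narrow it: catch the error with `condition-case`, emit something like `(message "auth-source-search failed for %s:%s: %s" host service err)` and then return nil, so the fall-back to no certificate is visible to the user while the *Error* buffer stays suppressed.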



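The two customizations suggested in the reply above, written out as an added example (this is not code from the thread or from Emacs itself). It assumes the `:client-certificate` keyword of `open-network-stream` is the parameter that `network-stream-certificate` receives as `spec`, and the host and file paths are hypothetical:

```elisp
;;; Added example, not from the thread.  Host and paths are hypothetical.

;; Option 1: keep ~/.authinfo.gpg in use for logins (SMTP, IRC, ...),
;; but stop open-network-stream from consulting auth-source for client
;; certificates on every TLS connection, so anonymous operations such as
;; M-x eww or M-x list-packages never trigger a passphrase prompt.
(setq network-stream-use-client-certificates nil)

;; Option 2: leave that default alone and instead take the encrypted
;; file out of the auth-source search path, so nothing in Emacs can
;; trigger gpg decryption through auth-source at all.
;; (setq auth-sources '("~/.authinfo"))

;; With either option, a connection that genuinely needs mutual TLS can
;; pass its key/certificate pair explicitly instead of relying on the
;; auth-source lookup.  The list is (KEY CERT), matching the "list with
;; a key/certificate pair" that network-stream-certificate accepts as spec
;; (assumed keyword name: :client-certificate).
(defun my/open-mtls-stream (host port)
  "Open a TLS connection to HOST:PORT presenting an explicit client certificate."
  (open-network-stream "mtls" nil host port
                       :type 'tls
                       :client-certificate
                       (list (expand-file-name "~/.certs/client.key")
                             (expand-file-name "~/.certs/client.pem"))))

;; (my/open-mtls-stream "mtls.example.invalid" 443)
```

Option 1 is the narrower change: it only affects the client-certificate lookup, so mail and IRC logins stored in ~/.authinfo.gpg keep working, whereas Option 2 removes the encrypted file from every auth-source consumer.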