From baea46c5acbb4a5be9b109d8ce06d2aec197353f Mon Sep 17 00:00:00 2001
From: Andrew Fontaine <andrew@afontaine.ca>
Date: Mon, 20 Jul 2020 08:54:18 -0400
Subject: [PATCH] git: set SSL if useStartTls is false

The git-send-email [0] script uses StartTLS if `smtpEncryption` is set
to `tls`, which can break services that don't support StartTLS.

[0]: https://github.com/git/git/blob/bd42bbe1a46c0fe486fc33e82969275e27e4dc19/git-send-email.perl#L1533

PR #1395
---
 doc/release-notes/rl-2009.adoc                          | 2 ++
 modules/programs/git.nix                                | 9 ++++++++-
 tests/modules/accounts/email-test-accounts.nix          | 1 +
 tests/modules/programs/git/git-with-email-expected.conf | 2 +-
 tests/modules/programs/git/git-with-email.nix           | 2 ++
 5 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/doc/release-notes/rl-2009.adoc b/doc/release-notes/rl-2009.adoc
index 0562e046d..7657033f1 100644
--- a/doc/release-notes/rl-2009.adoc
+++ b/doc/release-notes/rl-2009.adoc
@@ -43,3 +43,5 @@ $ nix-shell '<home-manager>' -A install
 
 will automatically include these options, when necessary.
 --
+
+* Git's `smtpEncryption` option is now set to `tls` only if both <<opt-accounts.email.accounts.\_name_.smtp.tls.enable>> and <<opt-accounts.email.accounts.\_name_.smtp.tls.useStartTls>> are `true`. If only <<opt-accounts.email.accounts.\_name_.smtp.tls.enable>> is `true`, `ssl` is used instead.
diff --git a/modules/programs/git.nix b/modules/programs/git.nix
index a174fa0c4..312269de3 100644
--- a/modules/programs/git.nix
+++ b/modules/programs/git.nix
@@ -277,7 +277,14 @@ in {
         genIdentity = name: account:
           with account;
           nameValuePair "sendemail.${name}" ({
-            smtpEncryption = if smtp.tls.enable then "tls" else "";
+            smtpEncryption = if smtp.tls.enable then
+              (if smtp.tls.useStartTls
+              || versionOlder config.home.stateVersion "20.09" then
+                "tls"
+              else
+                "ssl")
+            else
+              "";
             smtpServer = smtp.host;
             smtpUser = userName;
             from = address;
diff --git a/tests/modules/accounts/email-test-accounts.nix b/tests/modules/accounts/email-test-accounts.nix
index 9c9c90cf8..9a4e0b8e7 100644
--- a/tests/modules/accounts/email-test-accounts.nix
+++ b/tests/modules/accounts/email-test-accounts.nix
@@ -21,6 +21,7 @@
         passwordCommand = "password-command 2";
         imap.host = "imap.example.org";
         smtp.host = "smtp.example.org";
+        smtp.tls.useStartTls = true;
       };
     };
   };
diff --git a/tests/modules/programs/git/git-with-email-expected.conf b/tests/modules/programs/git/git-with-email-expected.conf
index 44035a23c..f48b7c333 100644
--- a/tests/modules/programs/git/git-with-email-expected.conf
+++ b/tests/modules/programs/git/git-with-email-expected.conf
@@ -6,7 +6,7 @@
 
 [sendemail "hm@example.com"]
 	from = "hm@example.com"
-	smtpEncryption = "tls"
+	smtpEncryption = "ssl"
 	smtpServer = "smtp.example.com"
 	smtpUser = "home.manager"
 
diff --git a/tests/modules/programs/git/git-with-email.nix b/tests/modules/programs/git/git-with-email.nix
index ca577eef4..d7ed7e185 100644
--- a/tests/modules/programs/git/git-with-email.nix
+++ b/tests/modules/programs/git/git-with-email.nix
@@ -13,6 +13,8 @@ with lib;
       userName = "H. M. Test";
     };
 
+    home.stateVersion = "20.09";
+
     nmt.script = ''
       function assertGitConfig() {
         local value