Wizard

Reputation: 22043

Frozen on "Opening STARTTLS connection to ‘smtp.qq.com:587’...done"

I referenced the answer to the question sending-emails-with-emacs24-via-smtp-with-gnutls-and-extra-arguments

and set my config as

(setq user-mail-address "[email protected]")
(setq user-full-name "abst.proc.do")

(require 'smtpmail)
(require 'starttls)

(setq message-send-mail-function 'smtpmail-send-it)
(defun gnutls-available-p ()
  "Function redefined in order not to use built-in GnuTLS support"
  nil)
(setq starttls-gnutls-program "gnutls-cli")
(setq starttls-use-gnutls t)
(setq smtpmail-stream-type 'starttls)
(setq smtpmail-smtp-server "smtp.qq.com")
(setq smtpmail-smtp-service 587) ;;587(starttls) or 465(tls/ssl)
(setq starttls-extra-arguments '("--priority" "NORMAL:%COMPAT"))

Then I tried to send a test mail as

From: [email protected] (abst.proc.do)
To: [email protected]
Subject: Testing
Date: Thu, 23 Jan 2020 07:11:44 +0800
Message-ID: <[email protected]>
--text follows this line--
Testing

It freezes in the minibuffer with the prompt

Opening STARTTLS connection to ‘smtp.qq.com:587’...done

and I got a message

 Saving file /home/me/*message*-20200123-071130...

The mail was not sent.

The appropriate SMTP service was checked and the token placed in .authinfo


What's the problem with my configuration?

Machine: Ubuntu 19.10 Emacs 26.3

The error trace:

220 newxmesmtplogicsvrszc2.qq.com XMail Esmtp QQ Mail Server.
250-newxmesmtplogicsvrszc2.qq.com
250-PIPELINING
250-SIZE 73400320
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN
250-MAILCOMPRESS
250 8BITMIME

Process smtpmail deleted
220 newxmesmtplogicsvrsza3.qq.com XMail Esmtp QQ Mail Server.
250-newxmesmtplogicsvrsza3.qq.com
250-PIPELINING
250-SIZE 73400320
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN
250-MAILCOMPRESS
250 8BITMIME
220 Ready to start TLS from 106.39.174.180 to newxmesmtplogicsvrsza3.qq.com.
*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=*.mail.qq.com,O=Tencent Technology (Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN', issuer `CN=GlobalSign Organization Validation CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE', serial 0x41110235e23a37f3ead2dc5e, RSA key 2048 bits, signed using RSA-SHA256, activated `2019-11-11 10:32:16 UTC', expires `2020-06-03 04:00:33 UTC', pin-sha256="3gHtBaJCDCS2wo6ho7kKEE6rUA1YXM3A6R1XiFejm48="
    Public Key ID:
        sha1:5df67c6c87174f49828307072b0922d6da77cab0
        sha256:de01ed05a2420c24b6c28ea1a3b90a104eab500d585ccdc0e91d578857a39b8f
    Public Key PIN:
        pin-sha256:3gHtBaJCDCS2wo6ho7kKEE6rUA1YXM3A6R1XiFejm48=

- Certificate[1] info:
 - subject `CN=GlobalSign Organization Validation CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE', issuer `CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE', serial 0x040000000001444ef04247, RSA key 2048 bits, signed using RSA-SHA256, activated `2014-02-20 10:00:00 UTC', expires `2024-02-20 10:00:00 UTC', pin-sha256="IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4="
- Certificate[2] info:
 - subject `CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE', issuer `CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE', serial 0x040000000001154b5ac394, RSA key 2048 bits, signed using RSA-SHA1 (broken!), activated `1998-09-01 12:00:00 UTC', expires `2028-01-28 12:00:00 UTC', pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="
- Status: The certificate is trusted. 
- Description: (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-128-GCM)
- Session ID: CB:34:DB:07:B8:3D:32:D8:13:BD:9B:4E:6B:5D:0A:72:1A:85:83:20:68:BB:70:8A:5A:43:15:51:3E:7D:19:BD
- Options: safe renegotiation,

Upvotes: 2

Views: 405

Answers (1)

Greg A. Woods

Reputation: 2792

I have had a number of ongoing problems with starttls, i.e. open-tls-stream, when it is using openssl in Emacs -- it is extremely hard to debug, and upgrading either emacs or openssl can cause connections to hang as you have observed -- and this usually happens far enough apart to allow one to completely forget that it happened before and how to debug and fix it again.

I've changed the definition of tls-end-of-info to solve this:

;; xxx gnutls-cli is broken, at least when used with emacs-23.3
;; (xxx "-no_ssl2" might still be required for older openssl?)
;; n.b. the "-crlf" is now necessary for Gmail, but not Cyrus
;;
(setq tls-program '("openssl s_client -connect %h:%p -ign_eof"))

(setq starttls-use-gnutls nil)  ; XXX requires security/starttls be installed!!!
;; 
;; XXX as of OpenSSL 1.1.1a  20 Nov 2018 there's a new ending to the noise
;; s_client prints before real data starts.
;; 
;; (XXX debugging this was HARD!  No clues -- emacs just "hung" without responding)
;;
(setq tls-end-of-info
      "\\(^\s*Verify return code: .+
---
\\|^    Extended master secret: .+
---
\\|^- Simple Client Mode:
\\(
\\|^\\*\\*\\* Starting TLS handshake
\\)*\\)")

To help with the debugging I use a slightly hacked up version of open-tls-stream. You can find it all at my ~/.emacs.el file

Upvotes: 1
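
The hang described in the answer comes down to whether tls-end-of-info matches the last lines the TLS helper prints before server data arrives. As an added example (not the answerer's code), the Emacs Lisp below runs a candidate pattern over captured helper output and reports the first data line it would hand back; the `my/` names and both sample outputs are constructed for illustration.

```elisp
;; Added example, not the answerer's code: test a `tls-end-of-info'
;; candidate against helper output before relying on it.
;; All my/ names and both sample outputs are constructed.

(defconst my/old-ending-only
  "^ *Verify return code: .+\n---\n"
  "Hypothetical pattern that knows only the older ending.")

(defconst my/answer-pattern
  (concat "\\(^ *Verify return code: .+\n---\n"
          "\\|^    Extended master secret: .+\n---\n"
          "\\|^- Simple Client Mode:\n"
          "\\(\n\\|^\\*\\*\\* Starting TLS handshake\n\\)*\\)")
  "The answer's regexp, written with explicit newline escapes.")

(defconst my/sample-old
  (concat "    Verify return code: 0 (ok)\n"
          "---\n"
          "220 mail.example.test ESMTP\n")
  "Constructed tail of helper output with the older ending.")

(defconst my/sample-new
  (concat "    Verify return code: 0 (ok)\n"
          "    Extended master secret: yes\n"
          "---\n"
          "220 mail.example.test ESMTP\n")
  "Constructed tail with the extra line the answer describes.")

(defun my/first-data-line (pattern output)
  "Return the line following PATTERN's match in OUTPUT, or nil.
A nil result is the hang: the helper has finished its preamble but
the caller is still waiting for an end-of-info marker."
  (with-temp-buffer
    (insert output)
    (goto-char (point-min))
    (when (re-search-forward pattern nil t)
      (buffer-substring-no-properties (point) (line-end-position)))))

(dolist (row `(("old pattern, old ending" ,my/old-ending-only ,my/sample-old)
               ("old pattern, new ending" ,my/old-ending-only ,my/sample-new)
               ("answer pattern, old ending" ,my/answer-pattern ,my/sample-old)
               ("answer pattern, new ending" ,my/answer-pattern ,my/sample-new)))
  (message "%-27s => %S" (car row)
           (my/first-data-line (nth 1 row) (nth 2 row))))
```

Run it with `emacs --batch -l` on the saved file, replacing the constructed samples with the tail of your own helper's output after an upgrade of Emacs or the TLS tool.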
