emacs-diffs

[Emacs-diffs] master f9649f0 1/2: NSM-related doc fixes


From: Lars Ingebrigtsen
Subject: [Emacs-diffs] master f9649f0 1/2: NSM-related doc fixes
Date: Sun, 8 Jul 2018 07:40:53 -0400 (EDT)

branch: master
commit f9649f0e147815ddd78073c52cd0e2ad9f33c4e4
Author: Lars Ingebrigtsen <address@hidden>
Commit: Lars Ingebrigtsen <address@hidden>

    NSM-related doc fixes
    
    * src/gnutls.c (Fgnutls_peer_status): Mention :certificates in the
    doc string.
    
    * etc/NEWS: Mention how to switch off the additional TLS checks.
---
 etc/NEWS     |  6 +++++-
 src/gnutls.c | 12 ++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/etc/NEWS b/etc/NEWS
index 375f040..8883066 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -137,7 +137,11 @@ variable.
 
 +++
 ** Most of the checks for outdated, believed-to-be-weak TLS algorithms
-and ciphers are now switched on by default.
+and ciphers are now switched on by default.  To get the old behaviour
+back (where certificates are checked for validity, but no warnings
+about weak cryptography are issued), you can either set
+`network-security-protocol-checks' to nil, or adjust the elements in
+that variable to only happen on the `high' security level.
 
 +++
 ** New function 'fill-polish-nobreak-p', to be used in 
'fill-nobreak-predicate'.
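Review bot: The added NEWS sentence offers the blanket option first (set `network-security-protocol-checks' to nil) and the narrower one second, and the narrower one is too vague to act on: "adjust the elements in that variable to only happen on the `high' security level" does not say what an element looks like or which part of it to change. Suggest leading with the per-check adjustment and pointing to the variable's doc string for the element format, so readers who only need to silence one warning do not disable every weak-cryptography check. Style point in the same lines: the new text quotes symbols as `...' while the following entry in this hunk uses '...' ('fill-polish-nobreak-p'); pick one quoting style for the file.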
diff --git a/src/gnutls.c b/src/gnutls.c
index d22d5d2..dfbbecf 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -1210,9 +1210,17 @@ DEFUN ("gnutls-peer-status-warning-describe", 
Fgnutls_peer_status_warning_descri
 
 DEFUN ("gnutls-peer-status", Fgnutls_peer_status, Sgnutls_peer_status, 1, 1, 0,
        doc: /* Describe a GnuTLS PROC peer certificate and any warnings about 
it.
+
 The return value is a property list with top-level keys :warnings and
-:certificate.  The :warnings entry is a list of symbols you can describe with
-`gnutls-peer-status-warning-describe'. */)
+:certificates.
+
+The :warnings entry is a list of symbols you can get a description of
+with `gnutls-peer-status-warning-describe', and :certificates is the
+certificate chain for the connection, with the host certificate
+first, and intermediary certificates (if any) follow.
+
+In addition, for backwards compatibility, the host certificate is also
+returned as the :certificate entry.  */)
   (Lisp_Object proc)
 {
   Lisp_Object warnings = Qnil, result = Qnil;
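Review bot: The opening sentence of the revised doc string now lists the top-level keys as :warnings and :certificates, but the last paragraph says :certificate is still returned, so the key summary is incomplete for callers reading only the first paragraph; consider naming all three there and marking :certificate as kept for backwards compatibility. The clause "with the host certificate first, and intermediary certificates (if any) follow" is not parallel; "with the host certificate first, followed by any intermediary certificates" reads correctly. The doc string also does not say what form each entry of :certificates takes, which a caller inspecting the chain would need.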


