[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Emacs-diffs] master f9649f0 1/2: NSM-related doc fixes
From: |
Lars Ingebrigtsen |
Subject: |
[Emacs-diffs] master f9649f0 1/2: NSM-related doc fixes |
Date: |
Sun, 8 Jul 2018 07:40:53 -0400 (EDT) |
branch: master
commit f9649f0e147815ddd78073c52cd0e2ad9f33c4e4
Author: Lars Ingebrigtsen <address@hidden>
Commit: Lars Ingebrigtsen <address@hidden>
NSM-related doc fixes
* src/gnutls.c (Fgnutls_peer_status): Mention :certificates in the
doc string.
* etc/NEWS: Mention how to switch off the additional TLS checks.
---
etc/NEWS | 6 +++++-
src/gnutls.c | 12 ++++++++++--
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/etc/NEWS b/etc/NEWS
index 375f040..8883066 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -137,7 +137,11 @@ variable.
+++
** Most of the checks for outdated, believed-to-be-weak TLS algorithms
-and ciphers are now switched on by default.
+and ciphers are now switched on by default. To get the old behaviour
+back (where certificates are checked for validity, but no warnings
+about weak cryptography are issued), you can either set
+`network-security-protocol-checks' to nil, or adjust the elements in
+that variable to only happen on the `high' security level.
+++
** New function 'fill-polish-nobreak-p', to be used in
'fill-nobreak-predicate'.
diff --git a/src/gnutls.c b/src/gnutls.c
index d22d5d2..dfbbecf 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -1210,9 +1210,17 @@ DEFUN ("gnutls-peer-status-warning-describe",
Fgnutls_peer_status_warning_descri
DEFUN ("gnutls-peer-status", Fgnutls_peer_status, Sgnutls_peer_status, 1, 1, 0,
doc: /* Describe a GnuTLS PROC peer certificate and any warnings about
it.
+
The return value is a property list with top-level keys :warnings and
-:certificate. The :warnings entry is a list of symbols you can describe with
-`gnutls-peer-status-warning-describe'. */)
+:certificates.
+
+The :warnings entry is a list of symbols you can get a description of
+with `gnutls-peer-status-warning-describe', and :certificates is the
+certificate chain for the connection, with the host certificate
+first, and intermediary certificates (if any) follow.
+
+In addition, for backwards compatibility, the host certificate is also
+returned as the :certificate entry. */)
(Lisp_Object proc)
{
Lisp_Object warnings = Qnil, result = Qnil;