Either a list of the form @code{(@var{key-file} @var{cert-file})},
naming the certificate key file and certificate file itself, or
@code{t}, meaning to query @code{auth-source} for this information
-(@pxref{Help for users,,auth-source, auth, Emacs auth-source Library}).
-Only used for @acronym{TLS} or @acronym{STARTTLS}. If
-@code{:client-certificate} is not specified, behave as if it were t,
-customize @code{network-stream-use-client-certificates} to change
-this.
+(@pxref{Help for users,,auth-source, auth, Emacs auth-source
+Library}). Only used for @acronym{TLS} or @acronym{STARTTLS}. To
+enable automatic queries of @code{auth-source} when
+@code{:client-certificate} is not specified customize
+@code{network-stream-use-client-certificates} to t.
@item :return-list @var{cons-or-nil}
The return value of this function. If omitted or @code{nil}, return a
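Review bot: In the added sentence ending "customize @code{network-stream-use-client-certificates} to t." the value t is left bare, while the unchanged text of the same item writes @code{t}. Mark it up as @code{t} for consistency. A comma after "is not specified" would also make the sentence easier to parse.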
@chapter Help for users
``Netrc'' files are a de facto standard. They look like this:
+
@example
machine @var{mymachine} login @var{myloginname} password @var{mypassword} port @var{myport}
@end example
You can also use this file to specify client certificates to use when
setting up TLS connections. The format is:
+
@example
machine @var{mymachine} port @var{myport} key @var{key} cert @var{cert}
@end example
@var{key} and @var{cert} are filenames containing the key and
-certificate to use respectively.
+certificate to use respectively. In order to make network connections
+use them automatically, either pass @code{:client-certificate t} to
+@code{open-network-stream}, or customize
+@code{network-stream-use-client-certificates} to @code{t}.
You can use spaces inside a password or other token by surrounding the
token with either single or double quotes.
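Review bot: The added sentence after "certificate to use respectively." does not say that an explicit :client-certificate argument still takes precedence over network-stream-use-client-certificates, which the NEWS entry in this patch does state ("iff there is no explicit ':client-certificate' parameter"). Consider adding that qualifier here, so readers of the auth-source manual know the option only affects callers that omit the parameter.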
** New user option 'network-stream-use-client-certificates'.
When non-nil, 'open-network-stream' performs lookups of client
certificates using 'auth-source' as if ':client-certificate t' were
-specified. Defaults to t.
+specified iff there is no explicit ':client-certificate' parameter.
+Defaults to nil.
+++
** New function 'fill-polish-nobreak-p', to be used in 'fill-nobreak-predicate'.
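Review bot: "iff" in the added line "specified iff there is no explicit ':client-certificate' parameter." is mathematical shorthand that many NEWS readers will take for a typo. The sentence also now stacks two conditions ("When non-nil ... iff there is no explicit ..."). Suggest rewording along the lines of "When non-nil, and no ':client-certificate' parameter is given, 'open-network-stream' performs lookups ...".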
(defvar starttls-gnutls-program)
(defvar starttls-program)
-(defcustom network-stream-use-client-certificates t
+(defcustom network-stream-use-client-certificates nil
"Whether to use client certificates for network connections.
When non-nil, `open-network-stream' will automatically look for
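Review bot: The default at "(defcustom network-stream-use-client-certificates nil" flips from t to nil, but the docstring lines shown here do not say that the option is consulted only when the caller omits :client-certificate, as the NEWS entry in this patch does. If the rest of the docstring does not already say so, add a sentence matching the NEWS wording, so that the option's docstring, NEWS and the manual describe the same precedence.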
:client-certificate should either be a list where the first
element is the certificate key file name, and the second
- element is the certificate file name itself, or t, which
- means that `auth-source' will be queried for the key and the
+ element is the certificate file name itself, or t, which means
+ that `auth-source' will be queried for the key and the
certificate. This parameter will only be used when doing TLS
- or STARTTLS connections. If :client-certificate is not
- specified, behave as if it were t, customize
- `network-stream-use-client-certificates' to change this.
+ or STARTTLS connections. To enable automatic queries of
+ `auth-source' when `:client-certificate' is not specified
+ customize `network-stream-use-client-certificates' to t.
:use-starttls-if-possible is a boolean that says to do opportunistic
STARTTLS upgrades even if Emacs doesn't have built-in TLS functionality.
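Review bot: The added line "`auth-source' when `:client-certificate' is not specified" quotes the keyword, while the unchanged docstring lines write :client-certificate and :use-starttls-if-possible without quotes. Drop the quotes to match. The refill of the "or t, which means" lines changes no wording and only enlarges the hunk, so it could be left out. A comma after "is not specified" would also help.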