NSM-related doc fixes

* src/gnutls.c (Fgnutls_peer_status): Mention :certificates in the
doc string.

* etc/NEWS: Mention how to switch off the additional TLS checks.

diff --git a/etc/NEWS b/etc/NEWS
index 375f040054196dee162e17ccba4dafc7454cb338..8883066237bfe6f00c2413e4eb31f8fbb4a34ec7 100644 (file)
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -137,7 +137,11 @@ variable.
 
 +++
 ** Most of the checks for outdated, believed-to-be-weak TLS algorithms
-and ciphers are now switched on by default.
+and ciphers are now switched on by default.  To get the old behaviour
+back (where certificates are checked for validity, but no warnings
+about weak cryptography are issued), you can either set
+`network-security-protocol-checks' to nil, or adjust the elements in
+that variable to only happen on the `high' security level.
 
 +++
 ** New function 'fill-polish-nobreak-p', to be used in 'fill-nobreak-predicate'.

diff --git a/src/gnutls.c b/src/gnutls.c
index d22d5d267c153c2b0c833ae81617f2e2d7404035..dfbbecfc87093a96dc005130d51b0cc358d44472 100644 (file)
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -1210,9 +1210,17 @@ DEFUN ("gnutls-peer-status-warning-describe", Fgnutls_peer_status_warning_descri
 
 DEFUN ("gnutls-peer-status", Fgnutls_peer_status, Sgnutls_peer_status, 1, 1, 0,
        doc: /* Describe a GnuTLS PROC peer certificate and any warnings about it.
+
 The return value is a property list with top-level keys :warnings and
-:certificate.  The :warnings entry is a list of symbols you can describe with
-`gnutls-peer-status-warning-describe'. */)
+:certificates.
+
+The :warnings entry is a list of symbols you can get a description of
+with `gnutls-peer-status-warning-describe', and :certificates is the
+certificate chain for the connection, with the host certificate
+first, and intermediary certificates (if any) follow.
+
+In addition, for backwards compatibility, the host certificate is also
+returned as the :certificate entry.  */)
   (Lisp_Object proc)
 {
   Lisp_Object warnings = Qnil, result = Qnil;