From: Robert Pluim Date: Mon, 18 Nov 2019 09:48:29 +0000 (+0100) Subject: Default network-stream-use-client-certificates to nil X-Git-Tag: emacs-27.0.90~540 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=8934762bb37273e6606097de92dcc2556456acd2;p=emacs.git Default network-stream-use-client-certificates to nil * lisp/net/network-stream.el (network-stream-use-client-certificates): Default to nil. (open-network-stream): Adapt description to new default of network-stream-use-client-certificates. * etc/NEWS: network-stream-use-client-certificates defaults to nil now. * doc/lispref/processes.texi (Network): Flip network-stream-use-client-certificates description. * doc/misc/auth.texi (Help for users): Mention network-stream-use-client-certificates. --- diff --git a/doc/lispref/processes.texi b/doc/lispref/processes.texi index 5caf0a24265..fc5832253f9 100644 --- a/doc/lispref/processes.texi +++ b/doc/lispref/processes.texi @@ -2521,11 +2521,11 @@ expect the network traffic to be encrypted. Either a list of the form @code{(@var{key-file} @var{cert-file})}, naming the certificate key file and certificate file itself, or @code{t}, meaning to query @code{auth-source} for this information -(@pxref{Help for users,,auth-source, auth, Emacs auth-source Library}). -Only used for @acronym{TLS} or @acronym{STARTTLS}. If -@code{:client-certificate} is not specified, behave as if it were t, -customize @code{network-stream-use-client-certificates} to change -this. +(@pxref{Help for users,,auth-source, auth, Emacs auth-source +Library}). Only used for @acronym{TLS} or @acronym{STARTTLS}. To +enable automatic queries of @code{auth-source} when +@code{:client-certificate} is not specified customize +@code{network-stream-use-client-certificates} to t. @item :return-list @var{cons-or-nil} The return value of this function. If omitted or @code{nil}, return a diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi index 93a301dcb1a..415a64f0211 100644 --- a/doc/misc/auth.texi 
+++ b/doc/misc/auth.texi @@ -92,6 +92,7 @@ backends and you can write your own if you want. @chapter Help for users ``Netrc'' files are a de facto standard. They look like this: + @example machine @var{mymachine} login @var{myloginname} password @var{mypassword} port @var{myport} @end example @@ -108,12 +109,16 @@ The @code{user} is the user name. It's known as @var{:user} in You can also use this file to specify client certificates to use when setting up TLS connections. The format is: + @example machine @var{mymachine} port @var{myport} key @var{key} cert @var{cert} @end example @var{key} and @var{cert} are filenames containing the key and -certificate to use respectively. +certificate to use respectively. In order to make network connections +use them automatically, either pass @code{:client-certificate t} to +@code{open-network-stream}, or customize +@code{network-stream-use-client-certificates} to @code{t}. You can use spaces inside a password or other token by surrounding the token with either single or double quotes. diff --git a/etc/NEWS b/etc/NEWS index a872a8f6b5d..3bf4c81014b 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -341,7 +341,8 @@ certificates via 'auth-source'. ** New user option 'network-stream-use-client-certificates'. When non-nil, 'open-network-stream' performs lookups of client certificates using 'auth-source' as if ':client-certificate t' were -specified. Defaults to t. +specified iff there is no explicit ':client-certificate' parameter. +Defaults to nil. +++ ** New function 'fill-polish-nobreak-p', to be used in 'fill-nobreak-predicate'. diff --git a/lisp/net/network-stream.el b/lisp/net/network-stream.el index 1571c761893..9a796d93ab8 100644 --- a/lisp/net/network-stream.el +++ b/lisp/net/network-stream.el 
@@ -58,7 +58,7 @@ (defvar starttls-gnutls-program) (defvar starttls-program) -(defcustom network-stream-use-client-certificates t +(defcustom network-stream-use-client-certificates nil "Whether to use client certificates for network connections. When non-nil, `open-network-stream' will automatically look for @@ -144,12 +144,12 @@ values: :client-certificate should either be a list where the first element is the certificate key file name, and the second - element is the certificate file name itself, or t, which - means that `auth-source' will be queried for the key and the + element is the certificate file name itself, or t, which means + that `auth-source' will be queried for the key and the certificate. This parameter will only be used when doing TLS - or STARTTLS connections. If :client-certificate is not - specified, behave as if it were t, customize - `network-stream-use-client-certificates' to change this. + or STARTTLS connections. To enable automatic queries of + `auth-source' when `:client-certificate' is not specified + customize `network-stream-use-client-certificates' to t. :use-starttls-if-possible is a boolean that says to do opportunistic STARTTLS upgrades even if Emacs doesn't have built-in TLS functionality.
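Review bot: In the doc/lispref/processes.texi hunk, the new sentence ends with a bare "to t." although the same value is marked up as @code{t} a few lines earlier in the same item ("or @code{t}, meaning to query") and in the auth.texi hunk. Write "to @code{t}" here as well. A comma after "is not specified" would make the sentence easier to parse. Since the removed text stated what happens when the parameter is omitted, the replacement should also say that no auth-source lookup is done by default.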
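Review bot: In the second doc/misc/auth.texi hunk, the added sentence offers @code{:client-certificate t} and the user option as interchangeable, but they differ in scope. Going by the NEWS wording in this same patch, the option affects every open-network-stream call that has no explicit ':client-certificate' parameter, while the keyword affects one connection. Stating that here lets a reader with key and cert entries in the netrc file choose deliberately. processes.texi already points at this node with @pxref, so a reference back to the open-network-stream description would also be useful.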
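Review bot: In the etc/NEWS hunk, "iff" is jargon that many NEWS readers will take for a typo; "only if" or "when" is clearer. The sentence is also hard to follow now that "as if ':client-certificate t' were specified" runs straight into the condition. Suggest moving the condition to the front: "When non-nil, and no explicit ':client-certificate' parameter is given, 'open-network-stream' performs lookups of client certificates using 'auth-source'."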
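Review bot: In the first lisp/net/network-stream.el hunk, the defcustom default flips from t to nil, but neither the commit message nor the visible docstring lines say why. The commit message lists only which files change. One sentence of rationale in the commit message would help anyone who later reads the log and wonders whether t is safe to restore.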
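Review bot: In the second lisp/net/network-stream.el hunk, the new docstring text quotes the keyword as `:client-certificate', while every other mention in the visible docstring leaves keywords unquoted (":client-certificate should either be", ":use-starttls-if-possible is a boolean"). Drop the quotes for consistency. A comma is missing before "customize" in "is not specified customize". The first four changed lines only refill "or t, which means that `auth-source' will be queried" without changing any words; leaving that refill out would keep the diff limited to the sentence that actually changes.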