From: Ted Zlatanov Date: Mon, 23 Dec 2013 12:50:47 +0000 (-0500) Subject: Document `gnutls-verify-error'. X-Git-Tag: emacs-24.3.90~173^2^2~42^2~45^2~387^2~227 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=a0f20f21e08af104e9e95498ea00b23059e3b056;p=emacs.git Document `gnutls-verify-error'. * emacs-gnutls.texi (Help For Users): Document `gnutls-verify-error'. --- diff --git a/doc/misc/ChangeLog b/doc/misc/ChangeLog index c7986b3ba93..03ff3d12dfe 100644 --- a/doc/misc/ChangeLog +++ b/doc/misc/ChangeLog @@ -1,3 +1,7 @@ +2013-12-23 Teodor Zlatanov + + * emacs-gnutls.texi (Help For Users): Document `gnutls-verify-error'. + 2013-12-22 Glenn Morris * woman.texi (Navigation): Use itemx where appropriate. diff --git a/doc/misc/emacs-gnutls.texi b/doc/misc/emacs-gnutls.texi index b1c4c13c5ff..369c6c3c3a1 100644 --- a/doc/misc/emacs-gnutls.texi +++ b/doc/misc/emacs-gnutls.texi @@ -132,6 +132,24 @@ know if you do, so we can make the change to benefit the other users of that platform. @end defvar +@defvar gnutls-verify-error +The @code{gnutls-verify-error} variable allows you to verify SSL/TLS +server certificates for all connections or by host name. It defaults +to @code{nil} for now but will likely be changed to @code{t} later, +meaning that all certificates will be verified. + +There are two checks available currently, that the certificate has +been issued by a trusted authority as defined by +@code{gnutls-trustfiles}, and that the hostname matches the +certificate. @code{t} enables both checks, but you can enable them +individually as well with @code{:trustfiles} and @code{:hostname} +instead. + +Because of the low-level interactions with the GnuTLS library, there +is no way currently to ask if a certificate can be accepted. You have +to look in the @code{*Messages*} buffer. +@end defvar + @defvar gnutls-min-prime-bits The @code{gnutls-min-prime-bits} variable is a pretty exotic customization for cases where you want to refuse handshakes with keys
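Review bot: In the new `@defvar gnutls-verify-error` entry in doc/misc/emacs-gnutls.texi, the first paragraph promises verification "for all connections or by host name", but the entry never shows what value selects the per-host case, and the second paragraph names `:trustfiles` and `:hostname` without saying what form the value takes when one or both are used "instead" of `t`. Please add an `@example` with the accepted value forms so that a reader can enable a check without reading the Lisp source. The last paragraph also leaves the failure behaviour open: "there is no way currently to ask if a certificate can be accepted" does not say whether a connection that fails an enabled check is refused or goes ahead with only a line in `*Messages*`. State that outcome explicitly, and say in the first paragraph that the `nil` default means neither check is applied, since that is what a user deciding whether to change the setting needs to know.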