From a0f20f21e08af104e9e95498ea00b23059e3b056 Mon Sep 17 00:00:00 2001 From: Ted Zlatanov Date: Mon, 23 Dec 2013 07:50:47 -0500 Subject: [PATCH] Document `gnutls-verify-error'. * emacs-gnutls.texi (Help For Users): Document `gnutls-verify-error'. --- doc/misc/ChangeLog | 4 ++++ doc/misc/emacs-gnutls.texi | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/doc/misc/ChangeLog b/doc/misc/ChangeLog index c7986b3ba93..03ff3d12dfe 100644 --- a/doc/misc/ChangeLog +++ b/doc/misc/ChangeLog @@ -1,3 +1,7 @@ +2013-12-23 Teodor Zlatanov + + * emacs-gnutls.texi (Help For Users): Document `gnutls-verify-error'. + 2013-12-22 Glenn Morris * woman.texi (Navigation): Use itemx where appropriate. diff --git a/doc/misc/emacs-gnutls.texi b/doc/misc/emacs-gnutls.texi index b1c4c13c5ff..369c6c3c3a1 100644 --- a/doc/misc/emacs-gnutls.texi +++ b/doc/misc/emacs-gnutls.texi @@ -132,6 +132,24 @@ know if you do, so we can make the change to benefit the other users of that platform. @end defvar +@defvar gnutls-verify-error +The @code{gnutls-verify-error} variable allows you to verify SSL/TLS +server certificates for all connections or by host name. It defaults +to @code{nil} for now but will likely be changed to @code{t} later, +meaning that all certificates will be verified. + +There are two checks available currently, that the certificate has +been issued by a trusted authority as defined by +@code{gnutls-trustfiles}, and that the hostname matches the +certificate. @code{t} enables both checks, but you can enable them +individually as well with @code{:trustfiles} and @code{:hostname} +instead. + +Because of the low-level interactions with the GnuTLS library, there +is no way currently to ask if a certificate can be accepted. You have +to look in the @code{*Messages*} buffer. +@end defvar + @defvar gnutls-min-prime-bits The @code{gnutls-min-prime-bits} variable is a pretty exotic customization for cases where you want to refuse handshakes with keys -- 2.39.2