From f9649f0e147815ddd78073c52cd0e2ad9f33c4e4 Mon Sep 17 00:00:00 2001
From: Lars Ingebrigtsen
Date: Sun, 8 Jul 2018 13:30:08 +0200
Subject: [PATCH] NSM-related doc fixes

* src/gnutls.c (Fgnutls_peer_status): Mention :certificates in the doc string.
* etc/NEWS: Mention how to switch off the additional TLS checks.
---
 etc/NEWS | 6 +++++-
 src/gnutls.c | 12 ++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/etc/NEWS b/etc/NEWS
index 375f0400541..8883066237b 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -137,7 +137,11 @@ variable.

 +++
 ** Most of the checks for outdated, believed-to-be-weak TLS algorithms
-and ciphers are now switched on by default.
+and ciphers are now switched on by default. To get the old behaviour
+back (where certificates are checked for validity, but no warnings
+about weak cryptography are issued), you can either set
+`network-security-protocol-checks' to nil, or adjust the elements in
+that variable to only happen on the `high' security level.

 +++
 ** New function 'fill-polish-nobreak-p', to be used in 'fill-nobreak-predicate'.
diff --git a/src/gnutls.c b/src/gnutls.c
index d22d5d267c1..dfbbecfc870 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -1210,9 +1210,17 @@ DEFUN ("gnutls-peer-status-warning-describe", Fgnutls_peer_status_warning_descri

 DEFUN ("gnutls-peer-status", Fgnutls_peer_status, Sgnutls_peer_status, 1, 1, 0,
 doc: /* Describe a GnuTLS PROC peer certificate and any warnings about it.
+
 The return value is a property list with top-level keys :warnings and
-:certificate. The :warnings entry is a list of symbols you can describe with
-`gnutls-peer-status-warning-describe'. */)
+:certificates.
+
+The :warnings entry is a list of symbols you can get a description of
+with `gnutls-peer-status-warning-describe', and :certificates is the
+certificate chain for the connection, with the host certificate
+first, and intermediary certificates (if any) follow.
+
+In addition, for backwards compatibility, the host certificate is also
+returned as the :certificate entry. */)
 (Lisp_Object proc)
 {
 Lisp_Object warnings = Qnil, result = Qnil;
-- 
2.39.2
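Review bot: The new doc string for `gnutls-peer-status` describes `:certificates` as "the certificate chain for the connection" without saying whether that chain is reported as the peer presented it or only after it has passed verification, so a caller could take a non-empty chain as a sign of trust. If the chain is returned regardless of the verification outcome (which the separate `:warnings` key suggests, but the hunk does not show), a sentence such as `Callers should consult :warnings before relying on any entry in :certificates.` would make that explicit. The phrase "with the host certificate first, and intermediary certificates (if any) follow" would also read more cleanly as `with the host certificate first, followed by any intermediary certificates.` The function body continues past the end of the hunk, so how the property list is actually built cannot be checked from here.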