| author | Robert Pluim | 2019-11-18 10:48:29 +0100 |
|---|---|---|
| committer | Robert Pluim | 2019-11-23 18:51:08 +0100 |
| commit | 8934762bb37273e6606097de92dcc2556456acd2 (patch) | |
| tree | f221324e9e52e5cffe43929f3beb244579aa5288 | |
| parent | a27c8929f2ab26dc0d27c8969857d3bc108747f5 (diff) | |

Default network-stream-use-client-certificates to nil

* lisp/net/network-stream.el (network-stream-use-client-certificates):
Default to nil.
(open-network-stream): Adapt description to new default of
network-stream-use-client-certificates.
* etc/NEWS: network-stream-use-client-certificates defaults to nil
now.
* doc/lispref/processes.texi (Network): Flip
network-stream-use-client-certificates description.
* doc/misc/auth.texi (Help for users): Mention
network-stream-use-client-certificates.
| -rw-r--r-- | doc/lispref/processes.texi | 10 | ||||
| -rw-r--r-- | doc/misc/auth.texi | 7 | ||||
| -rw-r--r-- | etc/NEWS | 3 | ||||
| -rw-r--r-- | lisp/net/network-stream.el | 12 |
4 files changed, 19 insertions, 13 deletions
diff --git a/doc/lispref/processes.texi b/doc/lispref/processes.texi index 5caf0a24265..fc5832253f9 100644 --- a/doc/lispref/processes.texi +++ b/doc/lispref/processes.texi | |||
| @@ -2521,11 +2521,11 @@ expect the network traffic to be encrypted. | |||
| 2521 | Either a list of the form @code{(@var{key-file} @var{cert-file})}, | 2521 | Either a list of the form @code{(@var{key-file} @var{cert-file})}, |
| 2522 | naming the certificate key file and certificate file itself, or | 2522 | naming the certificate key file and certificate file itself, or |
| 2523 | @code{t}, meaning to query @code{auth-source} for this information | 2523 | @code{t}, meaning to query @code{auth-source} for this information |
| 2524 | (@pxref{Help for users,,auth-source, auth, Emacs auth-source Library}). | 2524 | (@pxref{Help for users,,auth-source, auth, Emacs auth-source |
| 2525 | Only used for @acronym{TLS} or @acronym{STARTTLS}. If | 2525 | Library}). Only used for @acronym{TLS} or @acronym{STARTTLS}. To |
| 2526 | @code{:client-certificate} is not specified, behave as if it were t, | 2526 | enable automatic queries of @code{auth-source} when |
| 2527 | customize @code{network-stream-use-client-certificates} to change | 2527 | @code{:client-certificate} is not specified customize |
| 2528 | this. | 2528 | @code{network-stream-use-client-certificates} to t. |
| 2529 | 2529 | ||
| 2530 | @item :return-list @var{cons-or-nil} | 2530 | @item :return-list @var{cons-or-nil} |
| 2531 | The return value of this function. If omitted or @code{nil}, return a | 2531 | The return value of this function. If omitted or @code{nil}, return a |
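
Review bot: In the rewritten sentence at new lines 2526-2528 the value is written as a bare "t", while the same paragraph marks it up as @code{t} at line 2523, so the two will render differently in Info and print output; write "@code{network-stream-use-client-certificates} to @code{t}". A comma after "is not specified" would also make the sentence easier to parse. The auth.texi text added in this same commit already uses @code{t}.
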
diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi index 93a301dcb1a..415a64f0211 100644 --- a/doc/misc/auth.texi +++ b/doc/misc/auth.texi | |||
| @@ -92,6 +92,7 @@ backends and you can write your own if you want. | |||
| 92 | @chapter Help for users | 92 | @chapter Help for users |
| 93 | 93 | ||
| 94 | ``Netrc'' files are a de facto standard. They look like this: | 94 | ``Netrc'' files are a de facto standard. They look like this: |
| 95 | |||
| 95 | @example | 96 | @example |
| 96 | machine @var{mymachine} login @var{myloginname} password @var{mypassword} port @var{myport} | 97 | machine @var{mymachine} login @var{myloginname} password @var{mypassword} port @var{myport} |
| 97 | @end example | 98 | @end example |
| @@ -108,12 +109,16 @@ The @code{user} is the user name. It's known as @var{:user} in | |||
| 108 | 109 | ||
| 109 | You can also use this file to specify client certificates to use when | 110 | You can also use this file to specify client certificates to use when |
| 110 | setting up TLS connections. The format is: | 111 | setting up TLS connections. The format is: |
| 112 | |||
| 111 | @example | 113 | @example |
| 112 | machine @var{mymachine} port @var{myport} key @var{key} cert @var{cert} | 114 | machine @var{mymachine} port @var{myport} key @var{key} cert @var{cert} |
| 113 | @end example | 115 | @end example |
| 114 | 116 | ||
| 115 | @var{key} and @var{cert} are filenames containing the key and | 117 | @var{key} and @var{cert} are filenames containing the key and |
| 116 | certificate to use respectively. | 118 | certificate to use respectively. In order to make network connections |
| 119 | use them automatically, either pass @code{:client-certificate t} to | ||
| 120 | @code{open-network-stream}, or customize | ||
| 121 | @code{network-stream-use-client-certificates} to @code{t}. | ||
| 117 | 122 | ||
| 118 | You can use spaces inside a password or other token by surrounding the | 123 | You can use spaces inside a password or other token by surrounding the |
| 119 | token with either single or double quotes. | 124 | token with either single or double quotes. |
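
Review bot: The sentence added at new lines 118-121 says how to turn automatic lookup on but not that it is off by default, which is the point of this commit; a reader who has only added a key/cert line to the netrc file will find it silently unused. Suggest stating the default first, for example "By default these entries are not used automatically; to enable that, either pass ...". The blank lines added before both @example blocks are unrelated whitespace changes and are not mentioned in the commit message.
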
| @@ -341,7 +341,8 @@ certificates via 'auth-source'. | |||
| 341 | ** New user option 'network-stream-use-client-certificates'. | 341 | ** New user option 'network-stream-use-client-certificates'. |
| 342 | When non-nil, 'open-network-stream' performs lookups of client | 342 | When non-nil, 'open-network-stream' performs lookups of client |
| 343 | certificates using 'auth-source' as if ':client-certificate t' were | 343 | certificates using 'auth-source' as if ':client-certificate t' were |
| 344 | specified. Defaults to t. | 344 | specified iff there is no explicit ':client-certificate' parameter. |
| 345 | Defaults to nil. | ||
| 345 | 346 | ||
| 346 | +++ | 347 | +++ |
| 347 | ** New function 'fill-polish-nobreak-p', to be used in 'fill-nobreak-predicate'. | 348 | ** New function 'fill-polish-nobreak-p', to be used in 'fill-nobreak-predicate'. |
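
Review bot: "iff" at new line 344 is mathematical shorthand that many NEWS readers will take for a typo; "only if" says the same thing. Because this entry governs when client key and certificate files are picked up for TLS connections, it would also help to say in plain words that an explicit ':client-certificate' argument always takes precedence over the option.
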
diff --git a/lisp/net/network-stream.el b/lisp/net/network-stream.el index 1571c761893..9a796d93ab8 100644 --- a/lisp/net/network-stream.el +++ b/lisp/net/network-stream.el | |||
| @@ -58,7 +58,7 @@ | |||
| 58 | (defvar starttls-gnutls-program) | 58 | (defvar starttls-gnutls-program) |
| 59 | (defvar starttls-program) | 59 | (defvar starttls-program) |
| 60 | 60 | ||
| 61 | (defcustom network-stream-use-client-certificates t | 61 | (defcustom network-stream-use-client-certificates nil |
| 62 | "Whether to use client certificates for network connections. | 62 | "Whether to use client certificates for network connections. |
| 63 | 63 | ||
| 64 | When non-nil, `open-network-stream' will automatically look for | 64 | When non-nil, `open-network-stream' will automatically look for |
| @@ -144,12 +144,12 @@ values: | |||
| 144 | 144 | ||
| 145 | :client-certificate should either be a list where the first | 145 | :client-certificate should either be a list where the first |
| 146 | element is the certificate key file name, and the second | 146 | element is the certificate key file name, and the second |
| 147 | element is the certificate file name itself, or t, which | 147 | element is the certificate file name itself, or t, which means |
| 148 | means that `auth-source' will be queried for the key and the | 148 | that `auth-source' will be queried for the key and the |
| 149 | certificate. This parameter will only be used when doing TLS | 149 | certificate. This parameter will only be used when doing TLS |
| 150 | or STARTTLS connections. If :client-certificate is not | 150 | or STARTTLS connections. To enable automatic queries of |
| 151 | specified, behave as if it were t, customize | 151 | `auth-source' when `:client-certificate' is not specified |
| 152 | `network-stream-use-client-certificates' to change this. | 152 | customize `network-stream-use-client-certificates' to t. |
| 153 | 153 | ||
| 154 | :use-starttls-if-possible is a boolean that says to do opportunistic | 154 | :use-starttls-if-possible is a boolean that says to do opportunistic |
| 155 | STARTTLS upgrades even if Emacs doesn't have built-in TLS functionality. | 155 | STARTTLS upgrades even if Emacs doesn't have built-in TLS functionality. |
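
Review bot: The new text at lines 150-152 quotes the keyword as `:client-certificate', while the rest of this docstring, including the start of the same paragraph and the following ":use-starttls-if-possible" entry, writes keywords unquoted; drop the quotes for consistency. The sentence also needs a comma after "is not specified", and the rewrap of lines 147-148 only moves the word "means" from one line to the other, which adds noise to the diff.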