3 files changed, 86 insertions, 3 deletions
diff --git a/doc/lispref/ChangeLog b/doc/lispref/ChangeLog
index baab5113057..296b4e90b4b 100644
--- a/doc/lispref/ChangeLog
+++ b/doc/lispref/ChangeLog
@@ -1,3 +1,7 @@
+2012-02-15  Glenn Morris  <rgm@gnu.org>
+        * processes.texi (Network): Document open-network-stream :parameters.
 2012-02-14  Chong Yidong  <cyd@gnu.org>
        * keymaps.texi (Format of Keymaps): The CACHE component of keymaps
diff --git a/doc/lispref/processes.texi b/doc/lispref/processes.texi
index 4cfc954cd1f..a5a507c700e 100644
--- a/doc/lispref/processes.texi
+++ b/doc/lispref/processes.texi
@@ -1939,9 +1939,10 @@ queued but input may be lost.  You can use the function
 @code{process-command} to determine whether a network connection or
 server is stopped; a non-@code{nil} value means yes.
-@defun open-network-stream name buffer-or-name host service
+@cindex encrypted network connections
-This function opens a TCP connection, and returns a process object
+@defun open-network-stream name buffer-or-name host service &rest parameters
-that represents the connection.
+This function opens a TCP connection, with optional encryption, and
+returns a process object that represents the connection.
 The @var{name} argument specifies the name for the process object.  It
 is modified as necessary to make it unique.
@@ -1955,6 +1956,83 @@ associated with any buffer.
 The arguments @var{host} and @var{service} specify where to connect to;
 @var{host} is the host name (a string), and @var{service} is the name of
 a defined network service (a string) or a port number (an integer).
+@c FIXME?  Is this too lengthy for the printed manual?
+The remaining arguments @var{parameters} are keyword/argument pairs
+that are mainly relevant to encrypted connections:
+@table @code
+@item :nowait @var{boolean}
+If non-@code{nil}, try to make an asynchronous connection.
+@item :type @var{type}
+The type of connection.  Options are:
+@table @code
+@item plain
+An ordinary, unencrypted connection.
+@item tls
+@itemx ssl
+A TLS (``Transport Layer Security'') connection.
+@item nil
+@itemx network
+Start with a plain connection, and if parameters @samp{:success}
+and @samp{:capability-command} are supplied, try to upgrade to an encrypted
+connection via STARTTLS.  If that fails, retain the unencrypted connection.
+@item starttls
+As for @code{nil}, but if STARTTLS fails drop the connection.
+@item shell
+A shell connection.
+@end table
+@item :always-query-capabilities @var{boolean}
+If non-@code{nil}, always ask for the server's capabilities, even when
+doing a @samp{plain} connection.
+@item :capability-command @var{capability-command}
+Command string to query the host capabilities.
+@item :end-of-command @var{regexp}
+@itemx :end-of-capability @var{regexp}
+Regular expression matching the end of a command, or the end of the
+command @var{capability-command}.  The latter defaults to the former.
+@item :starttls-function @var{function}
+Function of one argument (the response to @var{capability-command}),
+which returns either @code{nil}, or the command to activate STARTTLS
+if supported.
+@item :success @var{regexp}
+Regular expression matching a successful STARTTLS negotiation.
+@item :use-starttls-if-possible @var{boolean}
+If non-@code{nil}, do opportunistic STARTTLS upgrades even if Emacs
+doesn't have built-in TLS support.
+@item :client-certificate @var{list-or-t}
+Either a list of the form @code{(@var{key-file} @var{cert-file})},
+naming the certificate key file and certificate file itself, or
+@code{t}, meaning to query @code{auth-source} for this information
+(@pxref{Top,,auth-source, auth, Emacs auth-source Library}).
+Only used for TLS or STARTTLS.
+@item :return-list @var{cons-or-nil}
+The return value of this function.  If omitted or @code{nil}, return a
+process object.  Otherwise, a cons of the form @code{(@var{process-object}
+. @var{plist})}, where @var{plist} has keywords:
+@table @code
+@item :greeting @var{string-or-nil}
+If non-@code{nil}, the greeting string returned by the host.
+@item :capabilities @var{string-or-nil}
+If non-@code{nil}, the host's capability string.
+@item :type @var{symbol}
+The connection type: @samp{plain} or @samp{tls}.
+@end table
+@end table
 @end defun
 @node Network Servers
diff --git a/etc/NEWS b/etc/NEWS
index d3e946819d4..4c6552f7db5 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -1289,6 +1289,7 @@ behavior of `completing-read'.
 ** `glyphless-char-display' can now distinguish between graphical and
 text terminal display, via a char-table entry that is a cons cell.
+++
 ** `open-network-stream' can now be used to open an encrypted stream.
 It now accepts an optional `:type' parameter for initiating a TLS
 connection, directly or via STARTTLS.  To do STARTTLS, additional

diff --git a/doc/lispref/ChangeLog b/doc/lispref/ChangeLog index baab5113057..296b4e90b4b 100644 --- a/doc/lispref/ChangeLog +++ b/doc/lispref/ChangeLog
@@ -1,3 +1,7 @@
		1	2012-02-15 Glenn Morris <rgm@gnu.org>
		2
		3	* processes.texi (Network): Document open-network-stream :parameters.
		4
1	2012-02-14 Chong Yidong <cyd@gnu.org>	5	2012-02-14 Chong Yidong <cyd@gnu.org>
2		6
3	* keymaps.texi (Format of Keymaps): The CACHE component of keymaps	7	* keymaps.texi (Format of Keymaps): The CACHE component of keymaps


diff --git a/doc/lispref/processes.texi b/doc/lispref/processes.texi index 4cfc954cd1f..a5a507c700e 100644 --- a/doc/lispref/processes.texi +++ b/doc/lispref/processes.texi
@@ -1939,9 +1939,10 @@ queued but input may be lost. You can use the function
1939	@code{process-command} to determine whether a network connection or	1939	@code{process-command} to determine whether a network connection or
1940	server is stopped; a non-@code{nil} value means yes.	1940	server is stopped; a non-@code{nil} value means yes.
1941		1941
1942	@defun open-network-stream name buffer-or-name host service	1942	@cindex encrypted network connections
1943	This function opens a TCP connection, and returns a process object	1943	@defun open-network-stream name buffer-or-name host service &rest parameters
1944	that represents the connection.	1944	This function opens a TCP connection, with optional encryption, and
		1945	returns a process object that represents the connection.
1945		1946
1946	The @var{name} argument specifies the name for the process object. It	1947	The @var{name} argument specifies the name for the process object. It
1947	is modified as necessary to make it unique.	1948	is modified as necessary to make it unique.
@@ -1955,6 +1956,83 @@ associated with any buffer.
1955	The arguments @var{host} and @var{service} specify where to connect to;	1956	The arguments @var{host} and @var{service} specify where to connect to;
1956	@var{host} is the host name (a string), and @var{service} is the name of	1957	@var{host} is the host name (a string), and @var{service} is the name of
1957	a defined network service (a string) or a port number (an integer).	1958	a defined network service (a string) or a port number (an integer).
		1959
		1960	@c FIXME? Is this too lengthy for the printed manual?
		1961	The remaining arguments @var{parameters} are keyword/argument pairs
		1962	that are mainly relevant to encrypted connections:
		1963
		1964	@table @code
		1965
		1966	@item :nowait @var{boolean}
		1967	If non-@code{nil}, try to make an asynchronous connection.
		1968
		1969	@item :type @var{type}
		1970	The type of connection. Options are:
		1971
		1972	@table @code
		1973	@item plain
		1974	An ordinary, unencrypted connection.
		1975	@item tls
		1976	@itemx ssl
		1977	A TLS (``Transport Layer Security'') connection.
		1978	@item nil
		1979	@itemx network
		1980	Start with a plain connection, and if parameters @samp{:success}
		1981	and @samp{:capability-command} are supplied, try to upgrade to an encrypted
		1982	connection via STARTTLS. If that fails, retain the unencrypted connection.
		1983	@item starttls
		1984	As for @code{nil}, but if STARTTLS fails drop the connection.
		1985	@item shell
		1986	A shell connection.
		1987	@end table
		1988
		1989	@item :always-query-capabilities @var{boolean}
		1990	If non-@code{nil}, always ask for the server's capabilities, even when
		1991	doing a @samp{plain} connection.
		1992
		1993	@item :capability-command @var{capability-command}
		1994	Command string to query the host capabilities.
		1995
		1996	@item :end-of-command @var{regexp}
		1997	@itemx :end-of-capability @var{regexp}
		1998	Regular expression matching the end of a command, or the end of the
		1999	command @var{capability-command}. The latter defaults to the former.
		2000
		2001	@item :starttls-function @var{function}
		2002	Function of one argument (the response to @var{capability-command}),
		2003	which returns either @code{nil}, or the command to activate STARTTLS
		2004	if supported.
		2005
		2006	@item :success @var{regexp}
		2007	Regular expression matching a successful STARTTLS negotiation.
		2008
		2009	@item :use-starttls-if-possible @var{boolean}
		2010	If non-@code{nil}, do opportunistic STARTTLS upgrades even if Emacs
		2011	doesn't have built-in TLS support.
		2012
		2013	@item :client-certificate @var{list-or-t}
		2014	Either a list of the form @code{(@var{key-file} @var{cert-file})},
		2015	naming the certificate key file and certificate file itself, or
		2016	@code{t}, meaning to query @code{auth-source} for this information
		2017	(@pxref{Top,,auth-source, auth, Emacs auth-source Library}).
		2018	Only used for TLS or STARTTLS.
		2019
		2020	@item :return-list @var{cons-or-nil}
		2021	The return value of this function. If omitted or @code{nil}, return a
		2022	process object. Otherwise, a cons of the form @code{(@var{process-object}
		2023	. @var{plist})}, where @var{plist} has keywords:
		2024
		2025	@table @code
		2026	@item :greeting @var{string-or-nil}
		2027	If non-@code{nil}, the greeting string returned by the host.
		2028	@item :capabilities @var{string-or-nil}
		2029	If non-@code{nil}, the host's capability string.
		2030	@item :type @var{symbol}
		2031	The connection type: @samp{plain} or @samp{tls}.
		2032	@end table
		2033
		2034	@end table
		2035
1958	@end defun	2036	@end defun
1959		2037
1960	@node Network Servers	2038	@node Network Servers


diff --git a/etc/NEWS b/etc/NEWS index d3e946819d4..4c6552f7db5 100644 --- a/etc/NEWS +++ b/etc/NEWS
@@ -1289,6 +1289,7 @@ behavior of `completing-read'.
1289	** `glyphless-char-display' can now distinguish between graphical and	1289	** `glyphless-char-display' can now distinguish between graphical and
1290	text terminal display, via a char-table entry that is a cons cell.	1290	text terminal display, via a char-table entry that is a cons cell.
1291		1291
		1292	+++
1292	** `open-network-stream' can now be used to open an encrypted stream.	1293	** `open-network-stream' can now be used to open an encrypted stream.
1293	It now accepts an optional `:type' parameter for initiating a TLS	1294	It now accepts an optional `:type' parameter for initiating a TLS
1294	connection, directly or via STARTTLS. To do STARTTLS, additional	1295	connection, directly or via STARTTLS. To do STARTTLS, additional