author | Robert Pluim <rpluim@gmail.com> | 2019-11-18 10:48:29 +0100 |
---|---|---|
committer | Robert Pluim <rpluim@gmail.com> | 2019-11-23 18:51:08 +0100 |
commit | 8934762bb37273e6606097de92dcc2556456acd2 (patch) | |
tree | f221324e9e52e5cffe43929f3beb244579aa5288 | |
parent | a27c8929f2ab26dc0d27c8969857d3bc108747f5 (diff) | |
download | emacs-8934762bb37273e6606097de92dcc2556456acd2.tar.gz |
Default network-stream-use-client-certificates to nil
* lisp/net/network-stream.el (network-stream-use-client-certificates):
Default to nil.
(open-network-stream): Adapt description to new default of
network-stream-use-client-certificates.
* etc/NEWS: network-stream-use-client-certificates defaults to nil
now.
* doc/lispref/processes.texi (Network): Flip
network-stream-use-client-certificates description.
* doc/misc/auth.texi (Help for users): Mention
network-stream-use-client-certificates.
-rw-r--r-- | doc/lispref/processes.texi | 10 |
-rw-r--r-- | doc/misc/auth.texi | 7 |
-rw-r--r-- | etc/NEWS | 3 |
-rw-r--r-- | lisp/net/network-stream.el | 12 |
4 files changed, 19 insertions, 13 deletions
diff --git a/doc/lispref/processes.texi b/doc/lispref/processes.texi index 5caf0a24265..fc5832253f9 100644 --- a/doc/lispref/processes.texi +++ b/doc/lispref/processes.texi @@ -2521,11 +2521,11 @@ expect the network traffic to be encrypted. Either a list of the form @code{(@var{key-file} @var{cert-file})}, naming the certificate key file and certificate file itself, or @code{t}, meaning to query @code{auth-source} for this information -(@pxref{Help for users,,auth-source, auth, Emacs auth-source Library}). -Only used for @acronym{TLS} or @acronym{STARTTLS}. If -@code{:client-certificate} is not specified, behave as if it were t, -customize @code{network-stream-use-client-certificates} to change -this. +(@pxref{Help for users,,auth-source, auth, Emacs auth-source +Library}). Only used for @acronym{TLS} or @acronym{STARTTLS}. To +enable automatic queries of @code{auth-source} when +@code{:client-certificate} is not specified customize +@code{network-stream-use-client-certificates} to t. @item :return-list @var{cons-or-nil} The return value of this function. If omitted or @code{nil}, return a diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi index 93a301dcb1a..415a64f0211 100644 --- a/doc/misc/auth.texi +++ b/doc/misc/auth.texi @@ -92,6 +92,7 @@ backends and you can write your own if you want. @chapter Help for users ``Netrc'' files are a de facto standard. They look like this: + @example machine @var{mymachine} login @var{myloginname} password @var{mypassword} port @var{myport} @end example 
@@ -108,12 +109,16 @@ The @code{user} is the user name. It's known as @var{:user} in You can also use this file to specify client certificates to use when setting up TLS connections. The format is: + @example machine @var{mymachine} port @var{myport} key @var{key} cert @var{cert} @end example @var{key} and @var{cert} are filenames containing the key and -certificate to use respectively. +certificate to use respectively. In order to make network connections +use them automatically, either pass @code{:client-certificate t} to +@code{open-network-stream}, or customize +@code{network-stream-use-client-certificates} to @code{t}. You can use spaces inside a password or other token by surrounding the token with either single or double quotes. @@ -341,7 +341,8 @@ certificates via 'auth-source'. ** New user option 'network-stream-use-client-certificates'. When non-nil, 'open-network-stream' performs lookups of client certificates using 'auth-source' as if ':client-certificate t' were -specified. Defaults to t. +specified iff there is no explicit ':client-certificate' parameter. +Defaults to nil. +++ ** New function 'fill-polish-nobreak-p', to be used in 'fill-nobreak-predicate'. diff --git a/lisp/net/network-stream.el b/lisp/net/network-stream.el index 1571c761893..9a796d93ab8 100644 --- a/lisp/net/network-stream.el +++ b/lisp/net/network-stream.el @@ -58,7 +58,7 @@ (defvar starttls-gnutls-program) (defvar starttls-program) -(defcustom network-stream-use-client-certificates t +(defcustom network-stream-use-client-certificates nil "Whether to use client certificates for network connections. When non-nil, `open-network-stream' will automatically look for 
@@ -144,12 +144,12 @@ values: :client-certificate should either be a list where the first element is the certificate key file name, and the second - element is the certificate file name itself, or t, which - means that `auth-source' will be queried for the key and the + element is the certificate file name itself, or t, which means + that `auth-source' will be queried for the key and the certificate. This parameter will only be used when doing TLS - or STARTTLS connections. If :client-certificate is not - specified, behave as if it were t, customize - `network-stream-use-client-certificates' to change this. + or STARTTLS connections. To enable automatic queries of + `auth-source' when `:client-certificate' is not specified + customize `network-stream-use-client-certificates' to t. :use-starttls-if-possible is a boolean that says to do opportunistic STARTTLS upgrades even if Emacs doesn't have built-in TLS functionality. |
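Review bot: In doc/lispref/processes.texi (@@ -2521,11 +2521,11 @@), the last added line ends with a bare "to t." although the same paragraph marks the value up as @code{t} a few lines earlier ("or @code{t}, meaning to query"), and the doc/misc/auth.texi hunk of this patch writes "to @code{t}". Use @code{t} here as well, and add a comma after "is not specified" so the sentence does not run "not specified customize" together.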
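Review bot: In doc/misc/auth.texi (@@ -108,12 +109,16 @@), the added sentence names @code{open-network-stream} without a cross-reference, and it omits the restriction that processes.texi states for the same parameter ("Only used for @acronym{TLS} or @acronym{STARTTLS}"). Since processes.texi already points here with a @pxref, consider pointing back to the Network node of the Lisp reference and saying that the key and cert entries are only consulted for TLS or STARTTLS connections, so a reader who adds them to a netrc file knows when they take effect.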
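Review bot: In the etc/NEWS hunk (@@ -341,7 +341,8 @@), the added line "specified iff there is no explicit ':client-certificate' parameter." uses "iff", which many NEWS readers will take for a typo. Suggest plain wording such as "specified, but only when no explicit ':client-certificate' parameter is given", which also fixes the sentence now carrying two conditions ("When non-nil ... iff ...") with no punctuation between them.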
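Review bot: In lisp/net/network-stream.el (@@ -58,7 +58,7 @@), the defcustom's summary line "Whether to use client certificates for network connections." is broader than what the option controls once the default is nil. Per the NEWS text in this patch, the option only governs the automatic auth-source lookup when ':client-certificate' is not passed, and an explicit ':client-certificate' is still honored. Consider tightening the first line to say that, so a user who sees nil in Customize does not conclude that client certificates are disabled altogether (the hunk shows only the start of the docstring, so skip this if the remainder already makes the distinction).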
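Review bot: In lisp/net/network-stream.el (@@ -144,12 +144,12 @@), the added text quotes the keyword as `:client-certificate' while the rest of this docstring writes keywords bare (":client-certificate should either be", ":use-starttls-if-possible is a boolean"). Drop the quoting for consistency, and add a comma after "is not specified" as in the Texinfo version. The re-fill of the unchanged "or t, which means that `auth-source' will be queried" lines also adds churn to the diff without changing content; leaving those two lines as they were would keep the hunk limited to the sentence that actually changed.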