master 8934762 2/2: Default network-stream-use-client-certificates to ni
From: Robert Pluim
Subject: master 8934762 2/2: Default network-stream-use-client-certificates to nil
Date: Sat, 23 Nov 2019 12:54:02 -0500 (EST)
branch: master
commit 8934762bb37273e6606097de92dcc2556456acd2
Author: Robert Pluim <address@hidden>
Commit: Robert Pluim <address@hidden>
Default network-stream-use-client-certificates to nil
* lisp/net/network-stream.el (network-stream-use-client-certificates):
Default to nil.
(open-network-stream): Adapt description to new default of
network-stream-use-client-certificates.
* etc/NEWS: network-stream-use-client-certificates defaults to nil
now.
* doc/lispref/processes.texi (Network): Flip
network-stream-use-client-certificates description.
* doc/misc/auth.texi (Help for users): Mention
network-stream-use-client-certificates.
---
doc/lispref/processes.texi | 10 +++++-----
doc/misc/auth.texi | 7 ++++++-
etc/NEWS | 3 ++-
lisp/net/network-stream.el | 12 ++++++------
4 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/doc/lispref/processes.texi b/doc/lispref/processes.texi
index 5caf0a2..fc58322 100644
--- a/doc/lispref/processes.texi
+++ b/doc/lispref/processes.texi
@@ -2521,11 +2521,11 @@ expect the network traffic to be encrypted.
Either a list of the form @code{(@var{key-file} @var{cert-file})},
naming the certificate key file and certificate file itself, or
@code{t}, meaning to query @code{auth-source} for this information
-(@pxref{Help for users,,auth-source, auth, Emacs auth-source Library}).
-Only used for @acronym{TLS} or @acronym{STARTTLS}. If
-@code{:client-certificate} is not specified, behave as if it were t,
-customize @code{network-stream-use-client-certificates} to change
-this.
+(@pxref{Help for users,,auth-source, auth, Emacs auth-source
+Library}). Only used for @acronym{TLS} or @acronym{STARTTLS}. To
+enable automatic queries of @code{auth-source} when
+@code{:client-certificate} is not specified customize
+@code{network-stream-use-client-certificates} to t.
@item :return-list @var{cons-or-nil}
The return value of this function. If omitted or @code{nil}, return a
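Review bot: in the added sentence ending "@code{network-stream-use-client-certificates} to t.", the value t is left as plain text, while the context line above writes @code{t} and the auth.texi hunk of this same patch writes "to @code{t}". Mark it up as @code{t} here too, and put a comma after "is not specified" so the break before "customize" is clear.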
diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi
index 93a301d..415a64f 100644
--- a/doc/misc/auth.texi
+++ b/doc/misc/auth.texi
@@ -92,6 +92,7 @@ backends and you can write your own if you want.
@chapter Help for users
``Netrc'' files are a de facto standard. They look like this:
+
@example
machine @var{mymachine} login @var{myloginname} password @var{mypassword} port
@var{myport}
@end example
@@ -108,12 +109,16 @@ The @code{user} is the user name. It's known as
@var{:user} in
You can also use this file to specify client certificates to use when
setting up TLS connections. The format is:
+
@example
machine @var{mymachine} port @var{myport} key @var{key} cert @var{cert}
@end example
@var{key} and @var{cert} are filenames containing the key and
-certificate to use respectively.
+certificate to use respectively. In order to make network connections
+use them automatically, either pass @code{:client-certificate t} to
+@code{open-network-stream}, or customize
+@code{network-stream-use-client-certificates} to @code{t}.
You can use spaces inside a password or other token by surrounding the
token with either single or double quotes.
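Review bot: the sentence added after "certificate to use respectively." says how to turn the lookup on but never states that key/cert entries are ignored unless one of the two switches is set, which is the behaviour this patch makes the default. A reader with such a line in the netrc file cannot tell from this node why no client certificate is presented. Suggest saying outright that the entries are only consulted when ":client-certificate t" is passed or the option is non-nil, and adding a cross-reference to the open-network-stream description changed in processes.texi, since that node already points back here.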
diff --git a/etc/NEWS b/etc/NEWS
index a872a8f..3bf4c81 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -341,7 +341,8 @@ certificates via 'auth-source'.
** New user option 'network-stream-use-client-certificates'.
When non-nil, 'open-network-stream' performs lookups of client
certificates using 'auth-source' as if ':client-certificate t' were
-specified. Defaults to t.
+specified iff there is no explicit ':client-certificate' parameter.
+Defaults to nil.
+++
** New function 'fill-polish-nobreak-p', to be used in
'fill-nobreak-predicate'.
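Review bot: "iff" in the added line "specified iff there is no explicit ':client-certificate' parameter." is mathematical shorthand that many NEWS readers will take for a typo of "if". Spell it out, for example "specified, but only when there is no explicit ':client-certificate' parameter." The precedence rule stated here is also worth repeating in the option's docstring so that the two descriptions agree.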
diff --git a/lisp/net/network-stream.el b/lisp/net/network-stream.el
index 1571c76..9a796d9 100644
--- a/lisp/net/network-stream.el
+++ b/lisp/net/network-stream.el
@@ -58,7 +58,7 @@
(defvar starttls-gnutls-program)
(defvar starttls-program)
-(defcustom network-stream-use-client-certificates t
+(defcustom network-stream-use-client-certificates nil
"Whether to use client certificates for network connections.
When non-nil, `open-network-stream' will automatically look for
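Review bot: the one-word change on the defcustom line is the behavioural change of the whole patch, yet nothing visible records why the default moves from t to nil; the commit message lists what was edited per file and gives no reason or bug reference. Add a sentence to the commit message (and ideally the docstring) stating the intent, for example that callers which omit :client-certificate no longer trigger an auth-source query, so that a later reader does not flip it back without knowing the trade-off.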
@@ -144,12 +144,12 @@ values:
:client-certificate should either be a list where the first
element is the certificate key file name, and the second
- element is the certificate file name itself, or t, which
- means that `auth-source' will be queried for the key and the
+ element is the certificate file name itself, or t, which means
+ that `auth-source' will be queried for the key and the
certificate. This parameter will only be used when doing TLS
- or STARTTLS connections. If :client-certificate is not
- specified, behave as if it were t, customize
- `network-stream-use-client-certificates' to change this.
+ or STARTTLS connections. To enable automatic queries of
+ `auth-source' when `:client-certificate' is not specified
+ customize `network-stream-use-client-certificates' to t.
:use-starttls-if-possible is a boolean that says to do opportunistic
STARTTLS upgrades even if Emacs doesn't have built-in TLS functionality.
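Review bot: the new text writes the keyword quoted as `:client-certificate' in "`auth-source' when `:client-certificate' is not specified", while the rest of this docstring, including the context lines ":client-certificate should either be a list" and ":use-starttls-if-possible is a boolean", leaves keywords unquoted. Drop the quotes for consistency and add a comma before "customize". The first two changed lines ("or t, which means / that `auth-source' will be queried") only move a line break; leaving them untouched would keep the hunk limited to the wording that actually changes.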