Document `gnutls-verify-error'.

* emacs-gnutls.texi (Help For Users): Document `gnutls-verify-error'.
2025-01-01 11:14:55 +00:00 · 2013-12-23 07:50:47 -05:00 · 2013-12-23 07:50:47 -05:00 · a0f20f21e0
commit a0f20f21e0
parent 30143e3d9b
2 changed files with 22 additions and 0 deletions
--- a/doc/misc/ChangeLog
+++ b/doc/misc/ChangeLog
@ -1,3 +1,7 @@
+2013-12-23  Teodor Zlatanov  <tzz@lifelogs.com>
+
+	* emacs-gnutls.texi (Help For Users): Document `gnutls-verify-error'.
+
 2013-12-22  Glenn Morris  <rgm@gnu.org>

 	* woman.texi (Navigation): Use itemx where appropriate.
--- a/doc/misc/emacs-gnutls.texi
+++ b/doc/misc/emacs-gnutls.texi
@ -132,6 +132,24 @@ know if you do, so we can make the change to benefit the other users
 of that platform.
@end defvar

+@defvar gnutls-verify-error
+The @code{gnutls-verify-error} variable allows you to verify SSL/TLS
+server certificates for all connections or by host name.  It defaults
+to @code{nil} for now but will likely be changed to @code{t} later,
+meaning that all certificates will be verified.
+
+There are two checks available currently, that the certificate has
+been issued by a trusted authority as defined by
+@code{gnutls-trustfiles}, and that the hostname matches the
+certificate.  @code{t} enables both checks, but you can enable them
+individually as well with @code{:trustfiles} and @code{:hostname}
+instead.
+
+Because of the low-level interactions with the GnuTLS library, there
+is no way currently to ask if a certificate can be accepted.  You have
+to look in the @code{*Messages*} buffer.
+@end defvar
+
@defvar gnutls-min-prime-bits
 The @code{gnutls-min-prime-bits} variable is a pretty exotic
 customization for cases where you want to refuse handshakes with keys