Variable: gnutls-verify-error
gnutls-verify-error is a customizable variable defined in
gnutls.el.gz.
Value
nil
Documentation
If non-nil, this should be t or a list of checks per hostname regex.
If nil, the default, failures in certificate verification will be
logged (subject to gnutls-log-level), but the connection will be
allowed to proceed.
If the value is a list, it should have the form
    ((HOST-REGEX FLAGS...) (HOST-REGEX FLAGS...) ...)
where each HOST-REGEX is a regular expression to be matched against the hostname, on a first-match basis, and FLAGS is either t or a list of one or more verification flags. The supported flags and the corresponding conditions to be tested are:
    :trustfiles -- certificate must be issued by a trusted authority.
    :hostname -- hostname must match presented certificate's host name.
    t -- all of the above conditions are tested.
If the condition test fails, an error will be signaled.
If the value of this variable is t, every connection will be subjected to all of the tests described above.
The default value of this variable is nil, which means that no
checks are performed at the gnutls level. Instead the checks are
performed via open-network-stream at a higher level by the
Network Security Manager. See Info node (emacs) Network
Security.
This variable was added, or its default value changed, in Emacs 24.4.
Probably introduced at or before Emacs version 24.4.
Source Code
;; Defined in /usr/src/emacs/lisp/net/gnutls.el.gz
(defcustom gnutls-verify-error nil
"If non-nil, this should be t or a list of checks per hostname regex.
If nil, the default, failures in certificate verification will be
logged (subject to `gnutls-log-level'), but the connection will be
allowed to proceed.
If the value is a list, it should have the form
((HOST-REGEX FLAGS...) (HOST-REGEX FLAGS...) ...)
where each HOST-REGEX is a regular expression to be matched
against the hostname, on a first-match basis, and FLAGS is either
t or a list of one or more verification flags. The supported
flags and the corresponding conditions to be tested are:
:trustfiles -- certificate must be issued by a trusted authority.
:hostname -- hostname must match presented certificate's host name.
t -- all of the above conditions are tested.
If the condition test fails, an error will be signaled.
If the value of this variable is t, every connection will be subjected
to all of the tests described above.
The default value of this variable is nil, which means that no
checks are performed at the gnutls level. Instead the checks are
performed via `open-network-stream' at a higher level by the
Network Security Manager. See Info node `(emacs) Network
Security'."
  :version "24.4"
  :type '(choice
          (const t)
          (repeat :tag "List of hostname regexps with flags for each"
                  (list
                   (choice :tag "Hostname"
                           (const ".*" :tag "Any hostname")
                           regexp)
                   (set (const :trustfiles)
                        (const :hostname))))))
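
An added example, not part of gnutls.el: it audits a per-host policy before installing it, modelling the first-match rule as the documentation above states it rather than reproducing Emacs's own lookup code. The `my/` names, the host names and the policy entries are constructed for illustration; entries use the (HOST-REGEX (FLAG ...)) shape that the `:type` above produces.

```elisp
;;; -*- lexical-binding: t -*-
(require 'cl-lib)

(defconst my/all-checks '(:trustfiles :hostname)
  "The two verification flags listed in the documentation.")

;; Constructed policy, most specific entries first.  Under first-match,
;; putting ".*" first would shadow every entry after it.
(defvar my/verify-policy
  '(("\\`localhost\\'"     (:hostname))               ; deliberately weaker
    ("\\.example\\.org\\'" (:trustfiles :hostname))
    (".*"                  (:trustfiles :hostname)))
  "Hypothetical value for `gnutls-verify-error'.")

(defun my/verify-flags-for (host policy)
  "Return the checks POLICY applies to HOST under the first-match rule.
POLICY is t, nil, or a list of (HOST-REGEX FLAGS) entries, where
FLAGS is t or a list of flags.  This helper is an assumption of
the example, not a function provided by Emacs."
  (if (eq policy t)
      my/all-checks
    (let* ((entry (cl-find-if (lambda (e) (string-match-p (car e) host))
                              policy))
           (flags (cadr entry)))
      (if (eq flags t) my/all-checks flags))))

(defun my/verify-gaps (hosts policy)
  "Return an alist (HOST . MISSING-CHECKS) for HOSTS not fully verified."
  (cl-loop for host in hosts
           for missing = (cl-set-difference
                          my/all-checks
                          (my/verify-flags-for host policy))
           when missing collect (cons host missing)))

;; Report every host that would connect with a check switched off,
;; then install the policy.  Host names below are constructed.
(dolist (gap (my/verify-gaps '("localhost" "mail.example.org" "elpa.gnu.org")
                             my/verify-policy))
  (message "gnutls-verify-error: %s is not checked for %S"
           (car gap) (cdr gap)))

(customize-set-variable 'gnutls-verify-error my/verify-policy)
```

A host that matches no entry gets no gnutls-level checks from this variable, so the audit reports it with both flags missing; a final ".*" entry closes that gap.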