(open-tls-stream): Actually consult tls-checktrust to see if

certs should be verified and what is to be done in the event of a
verification failure.

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index eb3b4db..5038518 100644 (file)
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,5 +1,9 @@
 2007-11-28  Elias Oltmanns  <eo@nebensachen.de>
 
+       * tls.el (open-tls-stream): Actually consult tls-checktrust to see if
+       certs should be verified and what is to be done in the event of a
+       verification failure.
+
        * gnus.el (gnus-method-to-server): Add an optional parameter so the
        caller can indicate whether the cache should be disregarded for this
        call.  This way the result of the call is reproducible at all times and

diff --git a/lisp/tls.el b/lisp/tls.el
index 5fea153..efcb160 100644 (file)
--- a/lisp/tls.el
+++ b/lisp/tls.el
@@ -229,12 +229,15 @@ Fourth arg PORT is an integer specifying a port to connect to."
        (set-buffer buffer)
        (when
            (or
-            (and tls-untrusted
+            (and tls-checktrust
                  (progn
                    (goto-char (point-min))
                    (re-search-forward tls-untrusted nil t))
-                 (not (yes-or-no-p
-                       (format "The certificate presented by `%s' is NOT trusted. Accept anyway? " host))))
+                 (or 
+                  (and (not (eq tls-checktrust 'ask))
+                       (message "The certificate presented by `%s' is NOT trusted." host))
+                  (not (yes-or-no-p
+                        (format "The certificate presented by `%s' is NOT trusted. Accept anyway? " host)))))
             (and tls-hostmismatch
                  (progn
                    (goto-char (point-min))