certs should be verified and what is to be done in the event of a
verification failure.
2007-11-28 Elias Oltmanns <eo@nebensachen.de>
+ * tls.el (open-tls-stream): Actually consult tls-checktrust to see if
+ certs should be verified and what is to be done in the event of a
+ verification failure.
+
* gnus.el (gnus-method-to-server): Add an optional parameter so the
caller can indicate whether the cache should be disregarded for this
call. This way the result of the call is reproducible at all times and
(set-buffer buffer)
(when
(or
- (and tls-untrusted
+ (and tls-checktrust
(progn
(goto-char (point-min))
(re-search-forward tls-untrusted nil t))
- (not (yes-or-no-p
- (format "The certificate presented by `%s' is NOT trusted. Accept anyway? " host))))
+ (or
+ (and (not (eq tls-checktrust 'ask))
+ (message "The certificate presented by `%s' is NOT trusted." host))
+ (not (yes-or-no-p
+ (format "The certificate presented by `%s' is NOT trusted. Accept anyway? " host)))))
(and tls-hostmismatch
(progn
(goto-char (point-min))