diff -up ./gnutls.el.old ./gnutls.el
--- ./gnutls.el.old	2022-02-14 12:59:06.442427021 +0000
+++ ./gnutls.el	2022-02-14 13:34:59.580342409 +0000
@@ -222,6 +222,27 @@ trust and key files, and priority string
 (declare-function gnutls-boot "gnutls.c" (proc type proplist))
 (declare-function gnutls-errorp "gnutls.c" (error))
 (defvar gnutls-log-level) ; gnutls.c
+(defcustom gnutls-verify-flags 256
+  "Set the default verify flags used - default is 256.
+VERIFY-FLAGS is a numeric OR of verification flags only for
+`gnutls-x509pki' connections. See GnuTLS' x509.h for details;
+here's a recent version of the list.
+
+    GNUTLS_VERIFY_DISABLE_CA_SIGN = 1,
+    GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2,
+    GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4,
+    GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 8,
+    GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 16,
+    GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32,
+    GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 64,
+    GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 128,
+    GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 256
+
+It must be omitted, a number, or nil; if omitted or nil it
+defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT (256)."
+  :group 'gnutls
+  :type '(choice (const nil) number)
+)
 
 (cl-defun gnutls-negotiate
     (&rest spec
@@ -247,7 +268,7 @@ For the meaning of the rest of the param
                             :crlfiles crlfiles
                             :keylist keylist
                             :min-prime-bits min-prime-bits
-                            :verify-flags verify-flags
+                            :verify-flags (or verify-flags gnutls-verify-flags)
                             :verify-error verify-error
                             :verify-hostname-error verify-hostname-error))
         ret)
@@ -356,7 +377,7 @@ defaults to GNUTLS_VERIFY_ALLOW_X509_V1_
            :trustfiles ,trustfiles
            :crlfiles ,crlfiles
            :keylist ,keylist
-           :verify-flags ,verify-flags
+           :verify-flags ,(or verify-flags gnutls-verify-flags)
            :verify-error ,verify-error
            :callbacks nil)))
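Review bot: The docstring of the new `gnutls-verify-flags` contradicts its own table: its last sentence says an omitted value `defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT (256)`, while the list above it assigns 256 to `GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT` and gives `GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT` the value 2; since this variable is what a user reads to judge how strict certificate verification is, the sentence should name the flag 256 actually is, e.g. `defaults to GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT (256), which rejects version-1 CA certificates.` The first docstring line should also be a complete summary sentence in the usual Emacs style, e.g. `Default verification flags for `gnutls-x509pki' connections.`, with the "default is 256" remark moved into the body. Because the value is now exposed through Customize, one sentence noting that the DISABLE_* and ALLOW_SIGN_* flags in the table relax certificate checking and are not meant for the default would help readers choose safely. Style: the closing `)` on its own line after `:type` is not idiomatic Emacs Lisp; fold it onto the `:type '(choice (const nil) number))` line.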
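Review bot: With `:verify-flags (or verify-flags gnutls-verify-flags)`, an omitted or nil `:verify-flags` no longer reaches gnutls-boot as nil, so the existing parameter documentation is stale — the function context shown for the third hunk still reads `defaults to GNUTLS_VERIFY_ALLOW_X509_V1_` — and the same applies to the backquoted call the third hunk changes; the `:verify-flags` paragraph of each docstring should say that a nil or omitted value falls back to `gnutls-verify-flags`. Note that the fallback triggers only on nil: an explicit 0 is non-nil in Lisp and is passed through unchanged, which deserves a short comment if that is intended. The enclosing `gnutls-negotiate` begins and ends outside this hunk.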