[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

D. Installing SSL

In order to use SSL in Emacs/W3, an implementation of SSL is necessary. Emacs/W3 is configued to work out of the box with SSLeay 0.6.6 or later. For best results, you should apply a patch that makes the SSLeay client much quieter about what it reports.

You can download SSLeay from ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/

The following variables control how the external program is invoked.

The name of the program to run, as a string.

(setq ssl-program-name "s_client")

This should be used if your SSL program needs command line switches to specify any behaviour (certificate file locations, etc). This is a list of strings and symbols.

The special symbols 'host and 'port may be used in the list of arguments and will be replaced with the hostname and service/port that will be connected to.

(setq ssl-program-arguments '("-host" host
                              "-port" service
                              "-verify" "4"
                              "-CApath /usr/local/ssl/certs"))
The default is ("-host" host "-port" service "-verify" ssl-certificate-verification-policy -CApath ssl-certificate-directory).

ssl-certificate-directory is the directory in which CA certificates are stored. It is w3-configuration-directory/cert by default.

ssl-rehash-program-name is the program that is run after adding a certificate to the ssl-certificate-directory directory. It is run with the directory name as an argument and defaults to c_rehash.

ssl-view-certificate-program-name names the program that can produce a human-readable view of a certificate. It is x509 by default and is called with the arguments listed in ssl-view-certificate-program-arguments which is ("text" "-inform" "DER") by default.

ssl-certificate-directory-style specifies the type of certificate database to use. It's default (and at the moment, only possible value) is ssleay which specifies a directory or pem encoded certificates with hash symlinks.

You can decide how high up the chain of certificates should be verified by setting ssl-certificate-verification-policy. Possible values are

No verification
Verification required
Reject connection if verification fails
The default is 0

[ << ] [ >> ]           [Top] [Contents] [Index] [ ? ]

This document was generated by XEmacs Webmaster on October, 2 2007 using texi2html