Make elpher-gemini-TLS-cert-checks usable with SOCKS

This is a followup to:

https://lists.sr.ht/~michel-slm/elpher/%3C87wmk7kvjl.fsf@librehacker.com%3E

The changes make the option `elpher-gemini-TLS-cert-checks' usable with non
.onion SOCKS connections. While it's possible to obtain DV certs for .onion
domains, that's mostly a thing with the Facebooks and Twitters of the world,
so this change doesn't bother checking them.

Note that this will leak DNS for users on versions of Emacs 31.0.50 before

https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=50deb59a

The rationale here is that these are advanced users who update regularly
enough for this not to be a problem.

diff --git a/elpher.el b/elpher.el
index dcc702a..5910e8c 100644 (file)
--- a/elpher.el
+++ b/elpher.el
@@ -996,8 +996,13 @@ the host operating system and the local network capabilities.)"
                                     (error
                                      (elpher-network-error address the-error)))))
           (when socks
-            (if use-tls
-                (apply #'gnutls-negotiate :process proc gnutls-params))
+            (when use-tls
+              (apply #'gnutls-negotiate :process proc gnutls-params)
+              (unless (or (< emacs-major-version 31)
+                          (string-suffix-p ".onion" host))
+                ;; Bind this option to nil to suppress DNS lookups.
+                (let (nsm-trust-local-network)
+                  (nsm-verify-connection proc host port))))
             (funcall (process-sentinel proc) proc "open\n")))
       (error
        (elpher-process-cleanup)