Installing SSL
**************

   In order to use SSL in Emacs/W3, an implementation of SSL is
necessary.  Emacs/W3 is configued to work out of the box with SSLeay
0.6.6 or later.  For best results, you should apply a patch that makes
the SSLeay client much quieter about what it reports.

   You can download SSLeay from `ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/'

   The following variables control how the external program is invoked.

`ssl-program-name'
     The name of the program to run, as a string.

          (setq ssl-program-name "s_client")

`ssl-program-arguments'
     This should be used if your SSL program needs command line
     switches to specify any behaviour (certificate file locations,
     etc).  This is a list of strings and symbols.

     The special symbols 'host and 'port may be used in the list of
     arguments and will be replaced with the hostname and service/port
     that will be connected to.

          (setq ssl-program-arguments '("-host" host "-port" service "-verify" "4"
                                        "-CApath /usr/local/ssl/certs"))
     The default is ("-host" host "-port" service "-verify"
SSL-CERTIFICATE-VERIFICATION-POLICY -CApath SSL-CERTIFICATE-DIRECTORY).

   `ssl-certificate-directory' is the directory in which CA
certificates are stored.  It is `W3-CONFIGURATION-DIRECTORY/cert' by
default.

   `ssl-rehash-program-name' is the program that is run after adding a
certificate to the `ssl-certificate-directory' directory.  It is run
with the directory name as an argument and defaults to `c_rehash'.

   `ssl-view-certificate-program-name' names the program that can
produce a human-readable view of a certificate.  It is `x509' by
default and is called with the arguments listed in
`ssl-view-certificate-program-arguments' which is `("text" "-inform"
"DER")' by default.

   `ssl-certificate-directory-style' specifies the type of certificate
database to use.  It's default (and at the moment, only possible value)
is `ssleay' which specifies a directory or pem encoded certificates
with hash symlinks.

   You can decide how high up the chain of certificates should be
verified by setting `ssl-certificate-verification-policy'.  Possible
values are
0
     No verification

1
     Verification required

3
     Reject connection if verification fails

5
     SSL_VERIFY_CLIENT_ONCE The default is 0