Make URL pass the TLS peer status to the caller

* lisp/url/url-http.el (url-http-parse-headers): Pass the GnuTLS
status of the connection to the caller.

etc/NEWS

@@ -328,6 +328,10 @@ a function.
 to specify that we're running in a noninteractive context, and that
 we should not be queried about things like TLS certificate validity.
 
+*** If URL is used with a https connection, the first callback argument
+plist will contain a :peer element that has the output of
+`gnutls-peer-status' (if Emacs is built with GnuTLS support).
+
 ** Tramp
 
 *** New connection method "nc", which allows to access dumb busyboxes.

lisp/url/ChangeLog

+2014-12-09  Lars Magne Ingebrigtsen  <larsi@gnus.org>
+
+	* url-http.el (url-http-parse-headers): Pass the GnuTLS status of
+	the connection to the caller.
+
 2014-12-08  Stefan Monnier  <monnier@iro.umontreal.ca>
 
 	* url-http.el (url-http-activate-callback): Make debug more verbose.

lisp/url/url-http.el

@@ -25,7 +25,9 @@
 
 ;;; Code:
 
-(eval-when-compile (require 'cl-lib))
+(eval-when-compile
+  (require 'cl-lib)
+  (require 'subr-x))
 
 (defvar url-callback-arguments)
 (defvar url-callback-function)
@@ -492,7 +494,12 @@ should be shown to the user."
   (url-http-mark-connection-as-free (url-host url-current-object)
 				    (url-port url-current-object)
 				    url-http-process)
-
+  ;; Pass the certificate on to the caller.
+  (when (gnutls-available-p)
+    (when-let (status (gnutls-peer-status url-http-process))
+      (setcar url-callback-arguments
+	      (plist-put (car url-callback-arguments)
+			 :peer status))))
   (if (or (not (boundp 'url-http-end-of-headers))
 	  (not url-http-end-of-headers))
       (error "Trying to parse headers in odd buffer: %s" (buffer-name)))