aboutsummaryrefslogtreecommitdiffstats
path: root/doc/interimap.1.md
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2020-12-13 17:43:52 +0100
committerGuilhem Moulin <guilhem@fripost.org>2020-12-13 18:44:18 +0100
commit8c43ed9baa905d907a6aad77de2282a852ba69a9 (patch)
tree4b8ecfe08d1aafcfde68cce0fb63b1bf4ec9542d /doc/interimap.1.md
parentba9d8af01141a6d5d5b98a0e249c311814b844a6 (diff)
libinterimap: use default locations for trusted CA certificates when neither CAfile nor CApath are set.
In particular, OpenSSL's default locations can be overridden by the SSL_CERT_FILE resp. SSL_CERT_DIR environment variables, see SSL_CTX_load_verify_locations(3ssl). This bumps the minimum OpenSSL version to 1.1.0 (when SSL_verify is used).
Diffstat (limited to 'doc/interimap.1.md')
-rw-r--r--doc/interimap.1.md14
1 files changed, 10 insertions, 4 deletions
diff --git a/doc/interimap.1.md b/doc/interimap.1.md
index 2310cb3..63d5ab0 100644
--- a/doc/interimap.1.md
+++ b/doc/interimap.1.md
@@ -439,6 +439,14 @@ Valid options are:
measure as it pins directly its key material and ignore its chain of
trust.
+*SSL_CAfile*
+
+: File containing trusted certificates to use during server
+ certificate verification when `SSL_verify=YES`.
+
+ Trusted CA certificates are loaded from the default system locations
+ unless one (or both) of *SSL_CAfile* or *SSL_CApath* is set.
+
*SSL_CApath*
: Directory to use for server certificate verification when
@@ -446,10 +454,8 @@ Valid options are:
This directory must be in “hash format”, see [`verify`(1ssl)] for
more information.
-*SSL_CAfile*
-
-: File containing trusted certificates to use during server
- certificate verification when `SSL_verify=YES`.
+ Trusted CA certificates are loaded from the default system locations
+ unless one (or both) of *SSL_CAfile* or *SSL_CApath* is set.
*SSL_hostname*