author Guilhem Moulin <guilhem@fripost.org> 2020-12-13 17:43:52 +0100
committer Guilhem Moulin <guilhem@fripost.org> 2020-12-13 18:44:18 +0100
commit 8c43ed9baa905d907a6aad77de2282a852ba69a9
tree 4b8ecfe08d1aafcfde68cce0fb63b1bf4ec9542d /doc
parent ba9d8af01141a6d5d5b98a0e249c311814b844a6
libinterimap: use default locations for trusted CA certificates when neither CAfile nor CApath are set.
In particular, OpenSSL's default locations can be overridden by the SSL_CERT_FILE resp. SSL_CERT_DIR environment variables, see SSL_CTX_load_verify_locations(3ssl). This bumps the minimum OpenSSL version to 1.1.0 (when SSL_verify is used).
Diffstat (limited to 'doc')
-rw-r--r-- doc/interimap.1.md 14
-rw-r--r-- doc/pullimap.1.md 14
2 files changed, 20 insertions, 8 deletions
diff --git a/doc/interimap.1.md b/doc/interimap.1.md
index 2310cb3..63d5ab0 100644
--- a/doc/interimap.1.md
+++ b/doc/interimap.1.md
@@ -439,6 +439,14 @@ Valid options are:
measure as it pins directly its key material and ignore its chain of
trust.
+*SSL_CAfile*
+
+: File containing trusted certificates to use during server
+ certificate verification when `SSL_verify=YES`.
+
+ Trusted CA certificates are loaded from the default system locations
+ unless one (or both) of *SSL_CAfile* or *SSL_CApath* is set.
+
*SSL_CApath*
: Directory to use for server certificate verification when
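Review bot: The new *SSL_CAfile* entry says CA certificates are loaded from "the default system locations", but the man page never mentions that those locations can be redirected with the SSL_CERT_FILE and SSL_CERT_DIR environment variables, which the commit message calls out. When neither option is set, the process environment then decides which CAs are trusted, so I would add a sentence here naming both variables and pointing to SSL_CTX_load_verify_locations(3ssl).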
@@ -446,10 +454,8 @@ Valid options are:
This directory must be in “hash format”, see [`verify`(1ssl)] for
more information.
-*SSL_CAfile*
-
-: File containing trusted certificates to use during server
- certificate verification when `SSL_verify=YES`.
+ Trusted CA certificates are loaded from the default system locations
+ unless one (or both) of *SSL_CAfile* or *SSL_CApath* is set.
*SSL_hostname*
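Review bot: In the paragraph added under *SSL_CApath*, "unless one (or both) of *SSL_CAfile* or *SSL_CApath* is set" leaves it implicit that setting only one of the two options turns off both default locations. If that is the intended behaviour, state it outright, for example that with only *SSL_CApath* set the default CA file is not consulted, so readers do not assume the directory is added on top of the system store.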
diff --git a/doc/pullimap.1.md b/doc/pullimap.1.md
index cf6ec52..05cbcaf 100644
--- a/doc/pullimap.1.md
+++ b/doc/pullimap.1.md
@@ -258,6 +258,14 @@ Valid options are:
measure as it pins directly its key material and ignore its chain of
trust.
+*SSL_CAfile*
+
+: File containing trusted certificates to use during server
+ certificate verification when `SSL_verify=YES`.
+
+ Trusted CA certificates are loaded from the default system locations
+ unless one (or both) of *SSL_CAfile* or *SSL_CApath* is set.
+
*SSL_CApath*
: Directory to use for server certificate verification when
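Review bot: The commit message says this change raises the minimum OpenSSL version to 1.1.0 when SSL_verify is used, but nothing in the documentation changes shown here tells the user. A short note in this option block, next to the `SSL_verify=YES` wording in the added *SSL_CAfile* entry, would keep the requirement from living only in the commit log.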
@@ -265,10 +273,8 @@ Valid options are:
This directory must be in “hash format”, see [`verify`(1ssl)] for
more information.
-*SSL_CAfile*
-
-: File containing trusted certificates to use during server
- certificate verification when `SSL_verify=YES`.
+ Trusted CA certificates are loaded from the default system locations
+ unless one (or both) of *SSL_CAfile* or *SSL_CApath* is set.
*SSL_hostname*
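Review bot: The default-locations paragraph added under *SSL_CApath* here is repeated word for word under *SSL_CAfile* and in both man pages, so four copies now have to be kept in sync. Consider keeping the full sentence under *SSL_CAfile* only and having the *SSL_CApath* entry refer to it.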