diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2020-12-13 17:43:52 +0100 | 
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2020-12-13 18:44:18 +0100 | 
| commit | 8c43ed9baa905d907a6aad77de2282a852ba69a9 (patch) | |
| tree | 4b8ecfe08d1aafcfde68cce0fb63b1bf4ec9542d /doc | |
| parent | ba9d8af01141a6d5d5b98a0e249c311814b844a6 (diff) | |
libinterimap: use default locations for trusted CA certificates when neither CAfile nor CApath are set.
In particular, OpenSSL's default locations can be overridden by the
SSL_CERT_FILE resp. SSL_CERT_DIR environment variables, see
SSL_CTX_load_verify_locations(3ssl).
This bumps the minimum OpenSSL version to 1.1.0 (when SSL_verify is
used).
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/interimap.1.md | 14 | ||||
| -rw-r--r-- | doc/pullimap.1.md | 14 | 
2 files changed, 20 insertions, 8 deletions
| diff --git a/doc/interimap.1.md b/doc/interimap.1.md index 2310cb3..63d5ab0 100644 --- a/doc/interimap.1.md +++ b/doc/interimap.1.md @@ -439,6 +439,14 @@ Valid options are:      measure as it pins directly its key material and ignore its chain of      trust. +*SSL_CAfile* + +:   File containing trusted certificates to use during server +    certificate verification when `SSL_verify=YES`. + +    Trusted CA certificates are loaded from the default system locations +    unless one (or both) of *SSL_CAfile* or *SSL_CApath* is set. +  *SSL_CApath*  :   Directory to use for server certificate verification when @@ -446,10 +454,8 @@ Valid options are:      This directory must be in “hash format”, see [`verify`(1ssl)] for      more information. -*SSL_CAfile* - -:   File containing trusted certificates to use during server -    certificate verification when `SSL_verify=YES`. +    Trusted CA certificates are loaded from the default system locations +    unless one (or both) of *SSL_CAfile* or *SSL_CApath* is set.  *SSL_hostname* diff --git a/doc/pullimap.1.md b/doc/pullimap.1.md index cf6ec52..05cbcaf 100644 --- a/doc/pullimap.1.md +++ b/doc/pullimap.1.md @@ -258,6 +258,14 @@ Valid options are:      measure as it pins directly its key material and ignore its chain of      trust. +*SSL_CAfile* + +:   File containing trusted certificates to use during server +    certificate verification when `SSL_verify=YES`. + +    Trusted CA certificates are loaded from the default system locations +    unless one (or both) of *SSL_CAfile* or *SSL_CApath* is set. +  *SSL_CApath*  :   Directory to use for server certificate verification when @@ -265,10 +273,8 @@ Valid options are:      This directory must be in “hash format”, see [`verify`(1ssl)] for      more information. -*SSL_CAfile* - -:   File containing trusted certificates to use during server -    certificate verification when `SSL_verify=YES`. +    Trusted CA certificates are loaded from the default system locations +    unless one (or both) of *SSL_CAfile* or *SSL_CApath* is set.  *SSL_hostname* | 
