diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2015-09-13 14:04:03 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-09-13 14:47:07 +0200 |
| commit | 35ab0d8661b6808a9132bde20eefcf07f1486093 (patch) | |
| tree | 42ec4983a078aba283bc060ffd7ba24e73c689d4 /interimap.1 | |
| parent | a4729170cffc902319b08bae86e1ab6e20a7939d (diff) | |
Replace IO::Socket::SSL dependency by the lower level Net::SSLeay.
Also,
* Rename the 'SSL_verify_trusted_peer', 'SSL_ca_path', and
'SSL_cipher_list' options to 'SSL_CApath', 'SSL_verify' and
'SSL_cipherlist', respectively.
* Add an option 'SSL_CAfile' to specify a file containing trusted
certificates to use during server certificate authentication.
* Replace Compress::Zlib dependency by the lower level
Compress::Raw::Zlib.
Diffstat (limited to 'interimap.1')
| -rw-r--r-- | interimap.1 | 63 |
1 files changed, 36 insertions, 27 deletions
diff --git a/interimap.1 b/interimap.1 index 988fa16..7ac8204 100644 --- a/interimap.1 +++ b/interimap.1 @@ -282,33 +282,6 @@ pre\-authenticated connections, depending on the chosen authentication mechanism. .TP -.I SSL_cipher_list -Cipher list to use for the connection. -See \fIciphers\fR(1ssl) for the format of such list. - -.TP -.I SSL_fingerprint -Fingerprint of the server certificate in the form -\fIALGO\fR$\fIDIGEST_HEX\fR, where \fIALGO\fR is the used algorithm -(default \(lqsha256\(rq). -Attempting to connect to a server with a non-matching certificate -fingerprint causes \fBInterIMAP\fR to abort the connection immediately -after the SSL/TLS handshake. - -.TP -.I SSL_verify_trusted_peer -Whether to verify that the peer certificate has been signed by a trusted -Certificate Authority. Note that using \fISSL_fingerprint\fR to specify -the fingerprint of the server certificate is orthogonal and does not -rely on Certificate Authorities. -(Default: \(lqYES\(rq.) - -.TP -.I SSL_ca_path -Directory containing the certificate(s) of the trusted Certificate -Authorities, used for server certificate verification. - -.TP .I compress Whether to use the IMAP COMPRESS extension [RFC4978] for servers advertizing it. @@ -333,6 +306,42 @@ This option is only available in the default section, and is ignored if either server does not advertize \(lqBINARY\(rq in its capability list. (Default: \(lqYES\(rq.) +.TP +.I SSL_cipher_list +The cipher list to send to the server. Although the server determines +which cipher suite is used, it should take the first supported cipher in +the list sent by the client. See \fBciphers\fR(1ssl) for more +information. + +.TP +.I SSL_fingerprint +Fingerprint of the server certificate (or its public key) in the form +\fIALGO\fR$\fIDIGEST_HEX\fR, where \fIALGO\fR is the used algorithm +(default \(lqsha256\(rq). +Attempting to connect to a server with a non-matching certificate +fingerprint causes \fBInterIMAP\fR to abort the connection immediately +after the SSL/TLS handshake. + +.TP +.I SSL_verify +Whether to verify the server certificate chain. +Note that using \fISSL_fingerprint\fR to specify the fingerprint of the +server certificate is an orthogonal authentication measure as it ignores +the CA chain. +(Default: \(lqYES\(rq.) + +.TP +.I SSL_CApath +Directory to use for server certificate verification if +\(lq\fISSL_verify\fR=YES\(rq. +This directory must be in \(lqhash format\(rq, see \fBverify\fR(1ssl) +for more information. + +.TP +.I SSL_CAfile +File containing trusted certificates to use during server certificate +authentication if \(lq\fISSL_verify\fR=YES\(rq. + .SH SUPPORTED EXTENSIONS Performance is better for servers supporting the following extensions to |