openldap/openldap-openssl-manpage-defaultCA.patch
Petr Šabata 3128277048 RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/openldap#f9945ac297c550f1bcc2cb810f2284e4b23b1e75
2020-10-15 22:20:47 +02:00

49 lines
1.8 KiB
Diff

Reference default system-wide CA certificates in manpages
OpenSSL, unless explicitly configured, uses system-wide default set of CA
certificates.
Author: Matus Honek <mhonek@redhat.com>
diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
--- a/doc/man/man5/ldap.conf.5
+++ b/doc/man/man5/ldap.conf.5
@@ -307,6 +307,9 @@ are more options you can specify. These options are used when an
.B ldaps:// URI
is selected (by default or otherwise) or when the application
negotiates TLS by issuing the LDAP StartTLS operation.
+.LP
+When using OpenSSL, if neither \fBTLS_CACERT\fP nor \fBTLS_CACERTDIR\fP
+is set, the system-wide default set of CA certificates is used.
.TP
.B TLS_CACERT <filename>
Specifies the file that contains certificates for all of the Certificate
diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5
--- a/doc/man/man5/slapd-config.5
+++ b/doc/man/man5/slapd-config.5
@@ -801,6 +801,10 @@ If
.B slapd
is built with support for Transport Layer Security, there are more options
you can specify.
+.LP
+When using OpenSSL, if neither \fBolcTLSCACertificateFile\fP nor
+\fBolcTLSCACertificatePath\fP is set, the system-wide default set of CA
+certificates is used.
.TP
.B olcTLSCipherSuite: <cipher-suite-spec>
Permits configuring what ciphers will be accepted and the preference order.
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -1032,6 +1032,10 @@ If
.B slapd
is built with support for Transport Layer Security, there are more options
you can specify.
+.LP
+When using OpenSSL, if neither \fBTLSCACertificateFile\fP nor
+\fBTLSCACertificatePath\fP is set, the system-wide default set of CA
+certificates is used.
.TP
.B TLSCipherSuite <cipher-suite-spec>
Permits configuring what ciphers will be accepted and the preference order.