mrc0mmand / rpms / openldap

Forked from rpms/openldap 3 years ago
Clone

Blame SOURCES/openldap-openssl-manpage-defaultCA.patch

ef59e1
Reference default system-wide CA certificates in manpages
ef59e1
ef59e1
OpenSSL, unless explicitly configured, uses system-wide default set of CA
ef59e1
certificates.
ef59e1
ef59e1
Author: Matus Honek <mhonek@redhat.com>
ef59e1
ef59e1
diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
ef59e1
--- a/doc/man/man5/ldap.conf.5
ef59e1
+++ b/doc/man/man5/ldap.conf.5
ef59e1
@@ -307,6 +307,9 @@ are more options you can specify.  These options are used when an
ef59e1
 .B ldaps:// URI
ef59e1
 is selected (by default or otherwise) or when the application
ef59e1
 negotiates TLS by issuing the LDAP StartTLS operation.
ef59e1
+.LP
ef59e1
+When using OpenSSL, if neither  \fBTLS_CACERT\fP nor \fBTLS_CACERTDIR\fP
ef59e1
+is set, the system-wide default set of CA certificates is used.
ef59e1
 .TP
ef59e1
 .B TLS_CACERT <filename>
ef59e1
 Specifies the file that contains certificates for all of the Certificate
ef59e1
diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5
ef59e1
--- a/doc/man/man5/slapd-config.5
ef59e1
+++ b/doc/man/man5/slapd-config.5
ef59e1
@@ -801,6 +801,10 @@ If
ef59e1
 .B slapd
ef59e1
 is built with support for Transport Layer Security, there are more options
ef59e1
 you can specify.
ef59e1
+.LP
ef59e1
+When using OpenSSL, if neither  \fBolcTLSCACertificateFile\fP nor
ef59e1
+\fBolcTLSCACertificatePath\fP is set, the system-wide default set of CA
ef59e1
+certificates is used.
ef59e1
 .TP
ef59e1
 .B olcTLSCipherSuite: <cipher-suite-spec>
ef59e1
 Permits configuring what ciphers will be accepted and the preference order.
ef59e1
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
ef59e1
--- a/doc/man/man5/slapd.conf.5
ef59e1
+++ b/doc/man/man5/slapd.conf.5
ef59e1
@@ -1032,6 +1032,10 @@ If
ef59e1
 .B slapd
ef59e1
 is built with support for Transport Layer Security, there are more options
ef59e1
 you can specify.
ef59e1
+.LP
ef59e1
+When using OpenSSL, if neither  \fBTLSCACertificateFile\fP nor
ef59e1
+\fBTLSCACertificatePath\fP is set, the system-wide default set of CA
ef59e1
+certificates is used.
ef59e1
 .TP
ef59e1
 .B TLSCipherSuite <cipher-suite-spec>
ef59e1
 Permits configuring what ciphers will be accepted and the preference order.