|
|
ef59e1 |
Reference default system-wide CA certificates in manpages
|
|
|
ef59e1 |
|
|
|
ef59e1 |
OpenSSL, unless explicitly configured, uses system-wide default set of CA
|
|
|
ef59e1 |
certificates.
|
|
|
ef59e1 |
|
|
|
ef59e1 |
Author: Matus Honek <mhonek@redhat.com>
|
|
|
ef59e1 |
|
|
|
ef59e1 |
diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
|
|
|
ef59e1 |
--- a/doc/man/man5/ldap.conf.5
|
|
|
ef59e1 |
+++ b/doc/man/man5/ldap.conf.5
|
|
|
ef59e1 |
@@ -307,6 +307,9 @@ are more options you can specify. These options are used when an
|
|
|
ef59e1 |
.B ldaps:// URI
|
|
|
ef59e1 |
is selected (by default or otherwise) or when the application
|
|
|
ef59e1 |
negotiates TLS by issuing the LDAP StartTLS operation.
|
|
|
ef59e1 |
+.LP
|
|
|
ef59e1 |
+When using OpenSSL, if neither \fBTLS_CACERT\fP nor \fBTLS_CACERTDIR\fP
|
|
|
ef59e1 |
+is set, the system-wide default set of CA certificates is used.
|
|
|
ef59e1 |
.TP
|
|
|
ef59e1 |
.B TLS_CACERT <filename>
|
|
|
ef59e1 |
Specifies the file that contains certificates for all of the Certificate
|
|
|
ef59e1 |
diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5
|
|
|
ef59e1 |
--- a/doc/man/man5/slapd-config.5
|
|
|
ef59e1 |
+++ b/doc/man/man5/slapd-config.5
|
|
|
ef59e1 |
@@ -801,6 +801,10 @@ If
|
|
|
ef59e1 |
.B slapd
|
|
|
ef59e1 |
is built with support for Transport Layer Security, there are more options
|
|
|
ef59e1 |
you can specify.
|
|
|
ef59e1 |
+.LP
|
|
|
ef59e1 |
+When using OpenSSL, if neither \fBolcTLSCACertificateFile\fP nor
|
|
|
ef59e1 |
+\fBolcTLSCACertificatePath\fP is set, the system-wide default set of CA
|
|
|
ef59e1 |
+certificates is used.
|
|
|
ef59e1 |
.TP
|
|
|
ef59e1 |
.B olcTLSCipherSuite: <cipher-suite-spec>
|
|
|
ef59e1 |
Permits configuring what ciphers will be accepted and the preference order.
|
|
|
ef59e1 |
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
|
|
|
ef59e1 |
--- a/doc/man/man5/slapd.conf.5
|
|
|
ef59e1 |
+++ b/doc/man/man5/slapd.conf.5
|
|
|
ef59e1 |
@@ -1032,6 +1032,10 @@ If
|
|
|
ef59e1 |
.B slapd
|
|
|
ef59e1 |
is built with support for Transport Layer Security, there are more options
|
|
|
ef59e1 |
you can specify.
|
|
|
ef59e1 |
+.LP
|
|
|
ef59e1 |
+When using OpenSSL, if neither \fBTLSCACertificateFile\fP nor
|
|
|
ef59e1 |
+\fBTLSCACertificatePath\fP is set, the system-wide default set of CA
|
|
|
ef59e1 |
+certificates is used.
|
|
|
ef59e1 |
.TP
|
|
|
ef59e1 |
.B TLSCipherSuite <cipher-suite-spec>
|
|
|
ef59e1 |
Permits configuring what ciphers will be accepted and the preference order.
|