Reference default system-wide CA certificates in manpages OpenSSL, unless explicitly configured, uses system-wide default set of CA certificates. Author: Matus Honek diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5 --- a/doc/man/man5/ldap.conf.5 +++ b/doc/man/man5/ldap.conf.5 @@ -307,6 +307,9 @@ are more options you can specify. These options are used when an .B ldaps:// URI is selected (by default or otherwise) or when the application negotiates TLS by issuing the LDAP StartTLS operation. +.LP +When using OpenSSL, if neither \fBTLS_CACERT\fP nor \fBTLS_CACERTDIR\fP +is set, the system-wide default set of CA certificates is used. .TP .B TLS_CACERT Specifies the file that contains certificates for all of the Certificate diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5 --- a/doc/man/man5/slapd-config.5 +++ b/doc/man/man5/slapd-config.5 @@ -801,6 +801,10 @@ If .B slapd is built with support for Transport Layer Security, there are more options you can specify. +.LP +When using OpenSSL, if neither \fBolcTLSCACertificateFile\fP nor +\fBolcTLSCACertificatePath\fP is set, the system-wide default set of CA +certificates is used. .TP .B olcTLSCipherSuite: Permits configuring what ciphers will be accepted and the preference order. diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -1032,6 +1032,10 @@ If .B slapd is built with support for Transport Layer Security, there are more options you can specify. +.LP +When using OpenSSL, if neither \fBTLSCACertificateFile\fP nor +\fBTLSCACertificatePath\fP is set, the system-wide default set of CA +certificates is used. .TP .B TLSCipherSuite Permits configuring what ciphers will be accepted and the preference order.