documentation: gnutls does not support password-protected privkeys

already mentioned in man page and sample config file, but for completeness also document it in doc/SSL.txt.
2025-10-31 05:52:59 +00:00 · 2009-01-09 21:30:43 +01:00
parent 00c8dfa8be
commit 0acef7c598
1 changed files with 8 additions and 2 deletions
--- a/doc/SSL.txt
+++ b/doc/SSL.txt
@@ -20,8 +20,11 @@ options of the ./configure script to enable it:
  --with-openssl     enable SSL support using OpenSSL
  --with-gnutls      enable SSL support using GnuTLS

-You need a SSL certificate, see below for how to create a self-signed one.
+You also need a key/certificate, see below for how to create a self-signed one.

+From a feature point of view, ngIRCds support for both libraries is
+comparable. The only major difference (at this time) is that ngircd with gnutls
+does not support password protected private keys.

 Configuration
 ~~~~~~~~~~~~~
@@ -64,7 +67,7 @@ Create DH parameters (optional):
 Alternate approach using stunnel(1)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-Alternatively (or if you are using ngIRCd without compiled without support
+Alternatively (or if you are using ngIRCd compiled without support
 for GnuTLS/OpenSSL), you can use external programs/tools like stunnel(1) to
 get SSL encrypted connections:

@@ -101,4 +104,7 @@ short "how-to", thanks Stefan!

    That's it.
    Don't forget to activate ssl support in your irc client ;)
+    The main drawback of this approach compared to using builtin ssl
+    is that from ngIRCds point of view, all ssl-enabled client connections will
+    originate from the host running stunnel.
 === snip ===