mirror of
https://github.com/osmarks/ngircd.git
synced 2025-05-12 12:14:09 +00:00
Update documentation on CAFile
ngIRCd 27 now checks server certificates, and without `CAFile` set will reject all server/server connections with a confusing error. Update documentation to say that `CAFile` is needed to accept incoming server connections.
This commit is contained in:
osmarks
GitHub
parent
acf8409c60
commit
164da7d063
11
doc/SSL.md
11
doc/SSL.md
@ -26,7 +26,7 @@ SSL-encrypted connections and plain-text connects can't run on the same network
|
|||||||
port (which is a limitation of the IRC protocol); therefore you have to define
|
port (which is a limitation of the IRC protocol); therefore you have to define
|
||||||
separate port(s) in your `[SSL]` block in the configuration file.
|
separate port(s) in your `[SSL]` block in the configuration file.
|
||||||
|
|
||||||
A minimal configuration for *accepting* SSL-encrypted client & server
|
A minimal configuration for *accepting* SSL-encrypted client
|
||||||
connections looks like this:
|
connections looks like this:
|
||||||
|
|
||||||
``` ini
|
``` ini
|
||||||
@ -36,11 +36,12 @@ KeyFile = /etc/ssl/certs/my-privkey.pem
|
|||||||
Ports = 6697, 6698
|
Ports = 6697, 6698
|
||||||
```
|
```
|
||||||
|
|
||||||
In this case, the server only deals with *incoming* connections and never has to
|
In this case, the server only deals with unauthenticated incoming
|
||||||
validate SSL certificates itself, and therefore no "Certificate Authorities" are
|
connections and never has to validate SSL certificates itself, and therefore
|
||||||
needed.
|
no "Certificate Authorities" are needed.
|
||||||
|
|
||||||
If you want to use *outgoing* SSL-connections to other servers, you need to add:
|
If you want to use *outgoing* SSL-connections to other servers or accept
|
||||||
|
incoming *server* connections, you need to add:
|
||||||
|
|
||||||
``` ini
|
``` ini
|
||||||
[SSL]
|
[SSL]
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user