Return-Path: X-Original-To: apmail-couchdb-commits-archive@www.apache.org Delivered-To: apmail-couchdb-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 48EBD179FF for ; Mon, 27 Oct 2014 10:58:43 +0000 (UTC) Received: (qmail 60627 invoked by uid 500); 27 Oct 2014 10:58:43 -0000 Delivered-To: apmail-couchdb-commits-archive@couchdb.apache.org Received: (qmail 60571 invoked by uid 500); 27 Oct 2014 10:58:43 -0000 Mailing-List: contact commits-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list commits@couchdb.apache.org Received: (qmail 60562 invoked by uid 99); 27 Oct 2014 10:58:43 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Oct 2014 10:58:43 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id C43929095E1; Mon, 27 Oct 2014 10:58:42 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: klaus_trainer@apache.org To: commits@couchdb.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: couchdb commit: updated refs/heads/1.x.x to c3c9588 Date: Mon, 27 Oct 2014 10:58:42 +0000 (UTC) Repository: couchdb Updated Branches: refs/heads/1.x.x 83cf448f0 -> c3c9588ca Improve documentation of `cacert_file` ssl option The documentation was incorrect insofar that it only described its functionality for client verification, although the configuration is used for server verification as well. Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/c3c9588c Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/c3c9588c Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/c3c9588c Branch: refs/heads/1.x.x Commit: c3c9588ca8d087419462dbffced3c15033375876 Parents: 83cf448 Author: Klaus Trainer Authored: Mon Oct 27 11:55:14 2014 +0100 Committer: Klaus Trainer Committed: Mon Oct 27 11:55:14 2014 +0100 ---------------------------------------------------------------------- share/doc/src/config/http.rst | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb/blob/c3c9588c/share/doc/src/config/http.rst ---------------------------------------------------------------------- diff --git a/share/doc/src/config/http.rst b/share/doc/src/config/http.rst index 1ae3abe..4084be5 100644 --- a/share/doc/src/config/http.rst +++ b/share/doc/src/config/http.rst @@ -329,9 +329,12 @@ Secure Socket Level Options .. config:option:: cacert_file :: CA Certificate file - Path to file containing PEM encoded CA certificates (trusted certificates - used for verifying a peer certificate). May be omitted if you do not want - to verify the peer:: + The path to a file containing PEM encoded CA certificates. The CA + certificates are used to build the server certificate chain, and for client + authentication. Also the CAs are used in the list of acceptable client CAs + passed to the client when a certificate is requested. May be omitted if + there is no need to verify the client and if there are not any intermediate + CAs for the server certificate:: [ssl] cacert_file = /etc/ssl/certs/ca-certificates.crt