commit e054c575ead9d5b640ef6987f16691cb9e71ede9
parent 89dc7592eea3f7b2804c2ec09f58c877ad096fef
Author: Oswald Buddenhagen <ossi@users.sf.net>
Date: Fri, 6 Nov 2015 08:29:05 +0100
fix CertificateFile docs & samples
the mbsync manual says explicitly that the system's default certificate
store should *not* be specified.
however, the isync manual talked about CA certificates, which is (and
always was) exactly wrong.
also adjust both .sample rc files.
Diffstat:
3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/compat/isync.1 b/src/compat/isync.1
@@ -259,7 +259,12 @@ established with the IMAP server. (Default: \fIyes\fR)
..
.TP
\fBCertificateFile\fR \fIpath\fR
-File containing X.509 CA certificates used to verify server identities.
+File containing additional X.509 certificates used to verify server
+identities. Directly matched peer certificates are always trusted,
+regardless of validity.
+.br
+Note that the system's default certificate store is always used
+and should not be specified here.
..
.TP
\fBUseSSLv2\fR \fIyes\fR|\fIno\fR
diff --git a/src/compat/isyncrc.sample b/src/compat/isyncrc.sample
@@ -3,7 +3,7 @@
# doesn't specify it.
# SSL server certificate file
-CertificateFile /etc/ssl/certs/ca-certificates.crt
+CertificateFile ~/.isync.certs
# by default, expunge deleted messages (same as -e on command line)
Expunge yes
diff --git a/src/mbsyncrc.sample b/src/mbsyncrc.sample
@@ -26,7 +26,6 @@ Pass xxxxxxxx
# "Account Name" USERNAME
# "Password" PASSWORD
#PassCmd "/usr/bin/security find-internet-password -w -a USERNAME -s IMAPSERVER ~/Library/Keychains/login.keychain"
-CertificateFile /etc/ssl/certs/ca-certificates.crt
Channel work
Master :work: