From 26c18423ab3b7e9100ea915b175c40ed7345df74 Mon Sep 17 00:00:00 2001 From: babak sarashki Date: Wed, 4 Dec 2019 08:03:25 -0800 Subject: [PATCH] openldap man tls reqcert From stx 1901: openldap-man-tls-reqcert.patch From f7027b3118ea90d616d0ddeeb348f15ba91cd08b --- doc/man/man5/ldap.conf.5 | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5 index 49f1830a0..313b9c275 100644 --- a/doc/man/man5/ldap.conf.5 +++ b/doc/man/man5/ldap.conf.5 @@ -433,8 +433,8 @@ The environment variable RANDFILE can also be used to specify the filename. This parameter is ignored with GnuTLS and Mozilla NSS. .TP .B TLS_REQCERT -Specifies what checks to perform on server certificates in a TLS session, -if any. The +Specifies what checks to perform on server certificates in a TLS session. +The .B can be specified as one of the following keywords: .RS @@ -443,19 +443,17 @@ can be specified as one of the following keywords: The client will not request or check any server certificate. .TP .B allow -The server certificate is requested. If no certificate is provided, -the session proceeds normally. If a bad certificate is provided, it will +The server certificate is requested. If a bad certificate is provided, it will be ignored and the session proceeds normally. .TP .B try -The server certificate is requested. If no certificate is provided, -the session proceeds normally. If a bad certificate is provided, -the session is immediately terminated. +The server certificate is requested. If a bad certificate is provided, the +session is immediately terminated. .TP .B demand | hard -These keywords are equivalent. The server certificate is requested. If no -certificate is provided, or a bad certificate is provided, the session -is immediately terminated. This is the default setting. +These keywords are equivalent and semantically same as +.BR try . +This is the default setting. .RE .TP .B TLS_CRLCHECK -- 2.17.1