Commit Diff

Commit:
37c31eeae0bdaad6ea6b6038459b0553115f7e2e
From:
osmarks <me@osmarks.net>
Via:
GitHub <noreply@github.com>
Date:
Message:
Update documentation on CAFile ngIRCd 27 now checks server certificates, and without `CAFile` set will reject all server/server connections with a confusing error. Update documentation to say that `CAFile` is needed to accept incoming server connections. Closes #320.
Actions:
Patch | Tree
commit - acf8409c60ccc96beed0a1f990c4f9374823c0ce
commit + 37c31eeae0bdaad6ea6b6038459b0553115f7e2e
blob - a2e029b2af2dcfc18d5a4bf27b3be360e400a13a
blob + c457e60e04be4db50557d8b86c2cb885ab65e450
--- doc/SSL.md
+++ doc/SSL.md
@@ -26,7 +26,7 @@ SSL-encrypted connections and plain-text connects can'
 port (which is a limitation of the IRC protocol); therefore you have to define
 separate port(s) in your `[SSL]` block in the configuration file.
 
-A minimal configuration for *accepting* SSL-encrypted client & server
+A minimal configuration for *accepting* SSL-encrypted client
 connections looks like this:
 
 ``` ini
@@ -36,11 +36,12 @@ KeyFile = /etc/ssl/certs/my-privkey.pem
 Ports = 6697, 6698
 ```
 
-In this case, the server only deals with *incoming* connections and never has to
-validate SSL certificates itself, and therefore no "Certificate Authorities" are
-needed.
+In this case, the server only deals with unauthenticated incoming
+connections and never has to validate SSL certificates itself, and therefore
+no "Certificate Authorities" are needed.
 
-If you want to use *outgoing* SSL-connections to other servers, you need to add:
+If you want to use *outgoing* SSL-connections to other servers or accept
+incoming *server* connections, you need to add:
 
 ``` ini
 [SSL]