commit 37c31eeae0bdaad6ea6b6038459b0553115f7e2e from: osmarks via: GitHub date: Sun Aug 4 16:05:10 2024 UTC Update documentation on CAFile ngIRCd 27 now checks server certificates, and without `CAFile` set will reject all server/server connections with a confusing error. Update documentation to say that `CAFile` is needed to accept incoming server connections. Closes #320. commit - acf8409c60ccc96beed0a1f990c4f9374823c0ce commit + 37c31eeae0bdaad6ea6b6038459b0553115f7e2e blob - a2e029b2af2dcfc18d5a4bf27b3be360e400a13a blob + c457e60e04be4db50557d8b86c2cb885ab65e450 --- doc/SSL.md +++ doc/SSL.md @@ -26,7 +26,7 @@ SSL-encrypted connections and plain-text connects can' port (which is a limitation of the IRC protocol); therefore you have to define separate port(s) in your `[SSL]` block in the configuration file. -A minimal configuration for *accepting* SSL-encrypted client & server +A minimal configuration for *accepting* SSL-encrypted client connections looks like this: ``` ini @@ -36,11 +36,12 @@ KeyFile = /etc/ssl/certs/my-privkey.pem Ports = 6697, 6698 ``` -In this case, the server only deals with *incoming* connections and never has to -validate SSL certificates itself, and therefore no "Certificate Authorities" are -needed. +In this case, the server only deals with unauthenticated incoming +connections and never has to validate SSL certificates itself, and therefore +no "Certificate Authorities" are needed. -If you want to use *outgoing* SSL-connections to other servers, you need to add: +If you want to use *outgoing* SSL-connections to other servers or accept +incoming *server* connections, you need to add: ``` ini [SSL]