You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by kl...@apache.org on 2014/10/27 11:58:42 UTC

couchdb commit: updated refs/heads/1.x.x to c3c9588

Repository: couchdb
Updated Branches:
  refs/heads/1.x.x 83cf448f0 -> c3c9588ca


Improve documentation of `cacert_file` ssl option

The documentation was incorrect insofar that it only described its
functionality for client verification, although the configuration is
used for server verification as well.


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/c3c9588c
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/c3c9588c
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/c3c9588c

Branch: refs/heads/1.x.x
Commit: c3c9588ca8d087419462dbffced3c15033375876
Parents: 83cf448
Author: Klaus Trainer <kl...@apache.org>
Authored: Mon Oct 27 11:55:14 2014 +0100
Committer: Klaus Trainer <kl...@apache.org>
Committed: Mon Oct 27 11:55:14 2014 +0100

----------------------------------------------------------------------
 share/doc/src/config/http.rst | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/c3c9588c/share/doc/src/config/http.rst
----------------------------------------------------------------------
diff --git a/share/doc/src/config/http.rst b/share/doc/src/config/http.rst
index 1ae3abe..4084be5 100644
--- a/share/doc/src/config/http.rst
+++ b/share/doc/src/config/http.rst
@@ -329,9 +329,12 @@ Secure Socket Level Options
 
   .. config:option:: cacert_file :: CA Certificate file
 
-    Path to file containing PEM encoded CA certificates (trusted certificates
-    used for verifying a peer certificate). May be omitted if you do not want
-    to verify the peer::
+    The path to a file containing PEM encoded CA certificates. The CA
+    certificates are used to build the server certificate chain, and for client
+    authentication. Also the CAs are used in the list of acceptable client CAs
+    passed to the client when a certificate is requested. May be omitted if
+    there is no need to verify the client and if there are not any intermediate
+    CAs for the server certificate::
 
       [ssl]
       cacert_file = /etc/ssl/certs/ca-certificates.crt