Optionally validate certificates on TLS server links

[ngircd-alex.git] / doc / sample-ngircd.conf.tmpl

diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl
index b5db1d9e1edffa5af2070dfc27bf9fa990590ce6..a4d58b945024f1ff050fe817a58333b56351066a 100644 (file)
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@ -251,6 +251,13 @@
        # is only available when ngIRCd is compiled with support for SSL!
        # So don't forget to remove the ";" above if this is the case ...
 
+       # SSL Trusted CA Certificates File (for verifying peer certificates)
+       ;CAFile = /etc/ssl/CA/cacert.pem
+
+       # Certificate Revocation File (for marking otherwise valid
+       # certficates as invalid)
+       ;CRLFile = /etc/ssl/CA/crl.pem
+
        # SSL Server Key Certificate
        ;CertFile = :ETCDIR:/ssl/server-cert.pem
 
@@ -275,6 +282,9 @@
        # Additional Listen Ports that expect SSL/TLS encrypted connections
        ;Ports = 6697, 9999
 
+       # Enforce Client Certificates? (Default: false)
+       ;RequireClientCert = false
+
 [Operator]
        # [Operator] sections are used to define IRC Operators. There may be
        # more than one [Operator] block, one for each local operator.