Optionally validate certificates on TLS server links

[ngircd-alex.git] / man / ngircd.conf.5.tmpl

diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl
index 0d57f902d46c4b5a0fb5f8cc3651a4030694554b..f3830456a5dff5b82b254c6650073ce82debfee3 100644 (file)
--- a/man/ngircd.conf.5.tmpl
+++ b/man/ngircd.conf.5.tmpl
@@ -370,6 +370,13 @@ All SSL-related configuration variables are located in the
 section. Please note that this whole section is only recognized by ngIRCd
 when it is compiled with support for SSL using OpenSSL or GnuTLS!
 .TP
+\fBCAFile (string)\fR
+Filename pointing to the Trusted CA Certificates. This is required for
+verifying peer certificates and must be set if <RequireClientCert> is set.
+.TP
+\fBCRLFile (string)\fR
+Filename of Certificate Revocation List.
+.TP
 \fBCertFile\fR (string)
 SSL Certificate file of the private server key.
 .TP
@@ -398,6 +405,10 @@ OpenSSL only: Password to decrypt the private key file.
 Same as \fBPorts\fR , except that ngIRCd will expect incoming connections
 to be SSL/TLS encrypted. Common port numbers for SSL-encrypted IRC are 6669
 and 6697. Default: none.
+.TP
+\fBRequireClientCert (boolean)\fR
+Do not accept SSL connections from clients that do not have a valid certificate. Defaults to false.
+Also see \fBSSLVerify\fR below.
 .SH [OPERATOR]
 .I [Operator]
 sections are used to define IRC Operators. There may be more than one