From 3e3f6cbeceefd9357b53b27c2386bb39306ab353 Mon Sep 17 00:00:00 2001
From: Alexander Barton <alex@barton.de>
Date: Fri, 19 Apr 2024 23:49:59 +0200
Subject: [PATCH] Clarify that "CAFile" is not set by default

---
 doc/sample-ngircd.conf.tmpl | 3 ++-
 man/ngircd.conf.5.tmpl      | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl
index 5f9cb9eb..2a08bb43 100644
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@ -273,7 +273,8 @@
 	# is only available when ngIRCd is compiled with support for SSL!
 	# So don't forget to remove the ";" above if this is the case ...
 
-	# SSL Trusted CA Certificates File (for verifying peer certificates)
+	# SSL Trusted CA Certificates File for verifying peer certificates.
+	# (Default: not set; so no certificates are trusted)
 	;CAFile = /etc/ssl/CA/cacert.pem
 
 	# Certificate Revocation File (for marking otherwise valid
diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl
index 66d3598d..68ee9093 100644
--- a/man/ngircd.conf.5.tmpl
+++ b/man/ngircd.conf.5.tmpl
@@ -399,7 +399,7 @@ when it is compiled with support for SSL using OpenSSL or GnuTLS!
 .TP
 \fBCAFile\fR (string)
 Filename pointing to the Trusted CA Certificates. This is required for
-verifying peer certificates.
+verifying peer certificates. Default: not set, so no certificates are trusted.
 .TP
 \fBCertFile\fR (string)
 SSL Certificate file of the private server key.
-- 
2.39.2