1 |
--- doc/mpop.1.orig 2009-10-05 16:47:15.000000000 -0300 |
1 |
--- doc/mpop.1.orig 2009-10-05 16:47:15.000000000 -0300 |
2 |
+++ doc/mpop.1 2009-10-24 12:18:19.000000000 -0200 |
2 |
+++ doc/mpop.1 2009-10-24 12:18:19.000000000 -0200 |
3 |
@@ -333,6 +333,11 @@ |
3 |
@@ -305,8 +305,8 @@ intermediate CAs.) |
4 |
.br |
4 |
.br |
5 |
On Debian based systems, you can install the \fBca\-certificates\fP package and |
5 |
The list of trusted CAs is specified using the \fBtls_trust_file\fP command. |
6 |
use the file \fB/etc/ssl/certs/ca\-certificates.crt\fP. |
6 |
Usually there is some system-wide default file available, e.g. |
7 |
++.br |
7 |
-/etc/ssl/certs/ca\-certificates.crt on Debian-based systems, but you can |
8 |
+On FreeBSD based systems, you can install the \fBsecurity/ca_root_nss\fP port and |
8 |
-also choose to select the trusted CAs yourself. |
9 |
++use the file \fB/usr/local/share/certs/ca-root-nss.crt\fP. Please note that if |
9 |
+/usr/local/share/certs/ca\-root\-nss.crt on FreeBSD and DragonFly systems, |
10 |
++you are installing mpop from ports with OpenSSL or gnutls support, |
10 |
+but you can also choose to select the trusted CAs yourself. |
11 |
++the \fBsecurity/ca_root_nss\fP port will be installed automaticly. |
|
|
12 |
.br |
11 |
.br |
13 |
An empty argument disables this feature. |
12 |
One practical problem with this approach is that the client program should also |
|
|
13 |
check if the server certificate has been revoked for some reason, using a |
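Review bot: four of the added lines in the version that appends a FreeBSD paragraph start with a doubled plus (`++.br`, `++use the file ...`, `++you are installing ...`, `++the \fBsecurity/ca_root_nss\fP port ...`), so applying it would write a literal `+` at the start of those man page lines, and `+.br` would be printed as text instead of being read as a break request. Each added line should carry a single `+`, as the `+On FreeBSD based systems` line does. The last of those lines also spells "automaticly"; it should read "automatically".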
14 |
@@ -350,8 +350,8 @@ or tunnel the session through TLS (\fIof |
15 |
.IP "tls_trust_file \fIfile\fP" |
16 |
Activate server certificate verification using a list of truted Certification |
17 |
Authorities (CAs). The file must be in PEM format. Some systems provide a |
18 |
-system-wide default file, e.g. /etc/ssl/certs/ca\-certificates.crt on |
19 |
-Debian-based systems with the ca\-certificates package. |
20 |
+system-wide default file, e.g. /usr/local/share/certs/ca\-root\-nss.crt on |
21 |
+FreeBSD and DragonFly with ca_root_nss package or security/ca_root_nss port. |
22 |
An empty argument disables this. You should also use \fBtls_crl_file\fP. |
14 |
.IP "tls_crl_file [\fIfile\fP]" |
23 |
.IP "tls_crl_file [\fIfile\fP]" |
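Review bot: the replacement text on the two `+` lines drops its articles and reads awkwardly ("FreeBSD and DragonFly with ca_root_nss package or security/ca_root_nss port"); suggest "FreeBSD and DragonFly with the ca_root_nss package or the security/ca_root_nss port". The change also removes the Debian example instead of placing the FreeBSD one beside it, which is worth stating in the patch description if it is intended. The context line above still has "truted" for "trusted", which could be fixed in the same pass.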
15 |
@@ -457,7 +462,7 @@ |
24 |
Set a certificate revocation list (CRL) file for TLS, to check for revoked |
|
|
25 |
@@ -542,7 +542,7 @@ tls on |
16 |
.br |
26 |
.br |
17 |
# Enable full TLS certificate checks. |
27 |
# as in this example, or download the root certificate of your CA and use that. |
18 |
.br |
28 |
.br |
19 |
-tls_trust_file /etc/ssl/certs/ca\-certificates.crt |
29 |
-tls_trust_file /etc/ssl/certs/ca\-certificates.crt |
20 |
+tls_trust_file /usr/local/share/certs/ca-root-nss.crt |
30 |
+tls_trust_file /usr/local/share/certs/ca\-root\-nss.crt |
21 |
.br |
31 |
.br |
22 |
# Use the POP3-over-TLS variant instead of the STARTTLS variant. |
32 |
|
23 |
.br |
33 |
.br |
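Review bot: the two versions of the added `tls_trust_file` line differ in hyphen escaping: one writes `ca-root-nss.crt`, the other `ca\-root\-nss.crt`. The removed line uses `ca\-certificates.crt`, and in roff an unescaped `-` is a hyphen that some output devices render as a non-ASCII character, so a path copied from the rendered page may not match the file on disk. Keep the `\-` form.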