[commit] isync_1_2_branch: fix CertificateFile docs & samples

Fri, 06 Nov 2015 13:41:13 -0800 

commit e054c575ead9d5b640ef6987f16691cb9e71ede9
Author: Oswald Buddenhagen <o...@users.sf.net>
Date:   Fri Nov 6 08:29:05 2015 +0100

    fix CertificateFile docs & samples
    
    the mbsync manual says explicitly that the system's default certificate
    store should *not* be specified.
    however, the isync manual talked about CA certificates, which is (and
    always was) exactly wrong.
    also adjust both .sample rc files.

 src/compat/isync.1        |    7 ++++++-
 src/compat/isyncrc.sample |    2 +-
 src/mbsyncrc.sample       |    1 -
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/compat/isync.1 b/src/compat/isync.1
index 527ca6a..fb9900f 100644
--- a/src/compat/isync.1
+++ b/src/compat/isync.1
@@ -259,7 +259,12 @@ established with the IMAP server.  (Default: \fIyes\fR)
 ..
 .TP
 \fBCertificateFile\fR \fIpath\fR
-File containing X.509 CA certificates used to verify server identities.
+File containing additional X.509 certificates used to verify server
+identities. Directly matched peer certificates are always trusted,
+regardless of validity.
+.br
+Note that the system's default certificate store is always used
+and should not be specified here.
 ..
 .TP
 \fBUseSSLv2\fR \fIyes\fR|\fIno\fR
diff --git a/src/compat/isyncrc.sample b/src/compat/isyncrc.sample
index 5a6cf10..0bc5d35 100644
--- a/src/compat/isyncrc.sample
+++ b/src/compat/isyncrc.sample
@@ -3,7 +3,7 @@
 #   doesn't specify it.
 
 # SSL server certificate file
-CertificateFile /etc/ssl/certs/ca-certificates.crt
+CertificateFile ~/.isync.certs
 
 # by default, expunge deleted messages (same as -e on command line)
 Expunge yes
diff --git a/src/mbsyncrc.sample b/src/mbsyncrc.sample
index c7d61c7..d82d1b8 100644
--- a/src/mbsyncrc.sample
+++ b/src/mbsyncrc.sample
@@ -26,7 +26,6 @@ Pass xxxxxxxx
 #  "Account Name" USERNAME
 #  "Password" PASSWORD
 #PassCmd "/usr/bin/security find-internet-password -w -a USERNAME -s 
IMAPSERVER ~/Library/Keychains/login.keychain"
-CertificateFile /etc/ssl/certs/ca-certificates.crt
 
 Channel work
 Master :work:

------------------------------------------------------------------------------
_______________________________________________
isync-devel mailing list
isync-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/isync-devel

Reply via email to