It's been a week or so, so bumping. (Benno was kind enough to offer a review but was time-poor recently.)
Here's a diff for the manpage too. Ashe Index: usr.sbin/relayd/relayd.conf.5 =================================================================== RCS file: /home/kivikakk/cvsync/root/src/usr.sbin/relayd/relayd.conf.5,v retrieving revision 1.187 retrieving revision 1.187.6.1 diff -u -p -r1.187 -r1.187.6.1 --- usr.sbin/relayd/relayd.conf.5 6 Aug 2018 18:26:29 -0000 1.187 +++ usr.sbin/relayd/relayd.conf.5 30 Nov 2018 21:10:06 -0000 1.187.6.1 @@ -939,6 +939,10 @@ will be used (strong crypto cipher suite See the CIPHERS section of .Xr openssl 1 for information about SSL/TLS cipher suites and preference lists. +.It Ic client ca Ar path +Require TLS client certificates whose authenticity can be verified +against the CA certificate(s) in the specified file in order to +proceed beyond the TLS handshake. .It Ic client-renegotiation Allow client-initiated renegotiation. To mitigate a potential DoS risk,
