summaryrefslogtreecommitdiffstats
path: root/tcpd
diff options
context:
space:
mode:
Diffstat (limited to 'tcpd')
-rw-r--r--tcpd/couriertls.sgml10
-rw-r--r--tcpd/libcouriertls.h6
2 files changed, 16 insertions, 0 deletions
diff --git a/tcpd/couriertls.sgml b/tcpd/couriertls.sgml
index a7a8e72..0711654 100644
--- a/tcpd/couriertls.sgml
+++ b/tcpd/couriertls.sgml
@@ -236,6 +236,16 @@ for SSL/TLS clients.
</varlistentry>
<varlistentry>
+ <term>TLS_PRIVATE_KEYFILE=<replaceable>filename</replaceable></term>
+ <listitem>
+ <para>
+SSL/TLS private key for decrypting client data.
+<envar>TLS_PRIVATE_KEY</envar> is optional because <term>TLS_CERTFILE</term> is generated including cert and private key both.
+<replaceable>filename</replaceable> must not be world-readable.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>TLS_TRUSTCERTS=<replaceable>pathname</replaceable></term>
<listitem>
<para>
diff --git a/tcpd/libcouriertls.h b/tcpd/libcouriertls.h
index 17faabc..a45f910 100644
--- a/tcpd/libcouriertls.h
+++ b/tcpd/libcouriertls.h
@@ -325,6 +325,12 @@ TLS_CERTFILE is required for SSL/TLS servers, and is optional for SSL/TLS
clients. TLS_CERTFILE is usually treated as confidential, and must not be
world-readable.
+TLS_PRIVATE_KEYFILE - SSL/TLS private key for decrypting peer data.
+By default, courier generates SSL/TLS certifice including private key
+and install it in TLS_CERTFILE path, so TLS_PRIVATE_KEYFILE is completely
+optional. If TLS_PRIVATE_KEYFILE is not set (default), TLS_CERTFILE is
+treated as certificate including private key file.
+
TLS_TRUSTCERTS=pathname - load trusted root certificates from pathname.
pathname can be a file or a directory. If a file, the file should
contain a list of trusted certificates, in PEM format. If a
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-04 19:06:10 +0000