From e054c575ead9d5b640ef6987f16691cb9e71ede9 Mon Sep 17 00:00:00 2001
From: Oswald Buddenhagen
Date: Fri, 6 Nov 2015 08:29:05 +0100
Subject: [PATCH] fix CertificateFile docs & samples

the mbsync manual says explicitly that the system's default certificate store should *not* be specified. however, the isync manual talked about CA certificates, which is (and always was) exactly wrong. also adjust both .sample rc files.
---
 src/compat/isync.1 | 7 ++++++-
 src/compat/isyncrc.sample | 2 +-
 src/mbsyncrc.sample | 1 -
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/compat/isync.1 b/src/compat/isync.1
index 527ca6a..fb9900f 100644
--- a/src/compat/isync.1
+++ b/src/compat/isync.1
@@ -259,7 +259,12 @@ established with the IMAP server. (Default: \fIyes\fR)
 ..
 .TP
 \fBCertificateFile\fR \fIpath\fR
-File containing X.509 CA certificates used to verify server identities.
+File containing additional X.509 certificates used to verify server
+identities. Directly matched peer certificates are always trusted,
+regardless of validity.
+.br
+Note that the system's default certificate store is always used
+and should not be specified here.
 ..
 .TP
 \fBUseSSLv2\fR \fIyes\fR|\fIno\fR
diff --git a/src/compat/isyncrc.sample b/src/compat/isyncrc.sample
index 5a6cf10..0bc5d35 100644
--- a/src/compat/isyncrc.sample
+++ b/src/compat/isyncrc.sample
@@ -3,7 +3,7 @@
 # doesn't specify it.
 # SSL server certificate file
-CertificateFile /etc/ssl/certs/ca-certificates.crt
+CertificateFile ~/.isync.certs
 # by default, expunge deleted messages (same as -e on command line)
 Expunge yes
diff --git a/src/mbsyncrc.sample b/src/mbsyncrc.sample
index c7d61c7..d82d1b8 100644
--- a/src/mbsyncrc.sample
+++ b/src/mbsyncrc.sample
@@ -26,7 +26,6 @@ Pass xxxxxxxx
 # "Account Name" USERNAME
 # "Password" PASSWORD
 #PassCmd "/usr/bin/security find-internet-password -w -a USERNAME -s IMAPSERVER ~/Library/Keychains/login.keychain"
-CertificateFile /etc/ssl/certs/ca-certificates.crt
 Channel work
 Master :work:
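Review bot: In the src/compat/isyncrc.sample hunk, the comment above the changed line still reads `# SSL server certificate file`, which does not tell a user what `CertificateFile ~/.isync.certs` is for. Per the isync.1 text added in this same patch, the file holds additional certificates, a directly matched peer certificate in it is trusted regardless of validity, and the system store is always used. I would reword the comment to `# additional trusted certificates; the system store is always used, and peer certificates listed here are trusted regardless of validity`. Because the sample sets this in the global section, it may also be worth a line advising that the file be writable only by its owner, since any certificate placed in it is accepted.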