|
|
@ -371,18 +371,26 @@ Use old versions only when the server has problems with newer ones. |
|
|
|
.. |
|
|
|
.. |
|
|
|
.TP |
|
|
|
.TP |
|
|
|
\fBSystemCertificates\fR \fByes\fR|\fBno\fR |
|
|
|
\fBSystemCertificates\fR \fByes\fR|\fBno\fR |
|
|
|
Whether the system's default root cerificate store should be loaded. |
|
|
|
Whether the system's default CA (certificate authority) certificate |
|
|
|
|
|
|
|
store should be used to verify certificate trust chains. Disable this |
|
|
|
|
|
|
|
if you want to trust only hand-picked certificates. |
|
|
|
(Default: \fByes\fR) |
|
|
|
(Default: \fByes\fR) |
|
|
|
.. |
|
|
|
.. |
|
|
|
.TP |
|
|
|
.TP |
|
|
|
\fBCertificateFile\fR \fIpath\fR |
|
|
|
\fBCertificateFile\fR \fIpath\fR |
|
|
|
File containing additional X.509 certificates used to verify server |
|
|
|
File containing additional X.509 certificates used to verify server |
|
|
|
identities. Directly matched peer certificates are always trusted, |
|
|
|
identities. |
|
|
|
regardless of validity. |
|
|
|
These certificates are always trusted, regardless of validity. |
|
|
|
.br |
|
|
|
.br |
|
|
|
Note that the system's default certificate store is always used |
|
|
|
The certificates from this file are matched only against the received |
|
|
|
(unless \fBSystemCertificates\fR is disabled) |
|
|
|
server certificate itself; CA certificates are \fBnot\fR supported here. |
|
|
|
and should not be specified here. |
|
|
|
Do \fBnot\fR specify the system's CA certificate store here; see |
|
|
|
|
|
|
|
\fBSystemCertificates\fR instead. |
|
|
|
|
|
|
|
.br |
|
|
|
|
|
|
|
The contents for this file may be obtained using the |
|
|
|
|
|
|
|
\fBmbsync-get-cert\fR tool; make sure to verify the fingerprints of the |
|
|
|
|
|
|
|
certificates before trusting them, or transfer them securely from the |
|
|
|
|
|
|
|
server's network (if it is trusted). |
|
|
|
.. |
|
|
|
.. |
|
|
|
.TP |
|
|
|
.TP |
|
|
|
\fBClientCertificate\fR \fIpath\fR |
|
|
|
\fBClientCertificate\fR \fIpath\fR |
|
|
|