Clarify the require* connect block options and document the sslinfo module operonly option.

1 files changed, 23 insertions, 13 deletions

diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example
index 517c55720..d78e2d123 100644
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@@ -2075,7 +2075,7 @@
 #<module name="sslrehashsignal">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# GnuTLS SSL module: Adds support for SSL connections using GnuTLS,
+# GnuTLS SSL module: Adds support for SSL/TLS connections using GnuTLS,
 # if enabled. You must answer 'yes' in ./configure when asked or
 # manually symlink the source for this module from the directory
 # src/modules/extra, if you want to enable this, or it will not load.
@@ -2088,25 +2088,35 @@
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # SSL info module: Allows users to retrieve information about other
-# users' peer SSL certificates and keys. This can be used by client
-# scripts to validate users. For this to work, one of ssl_gnutls
-# or ssl_openssl must be loaded. This module also adds the
-# "* <user> is using a secure connection" whois line, the ability for
-# opers to use SSL cert fingerprints to verify their identity and the
-# ability to force opers to use SSL connections in order to oper up.
-# It is highly recommended to load this module if you use SSL on your
-# network.
-# For how to use the oper features, please see the first example <oper> tag
-# in opers.conf.example.
+# users' peer SSL certificates and keys via the SSLINFO command.
+# This can be used by client scripts to validate users. For this to
+# work, one of ssl_gnutls, ssl_mbedtls or ssl_openssl must be loaded.
+# This module also adds the "<user> is using a secure connection"
+# and "<user> has client certificate fingerprint <fingerprint>"
+# WHOIS lines, the ability for opers to use SSL cert fingerprints to
+# verify their identity and the ability to force opers to use SSL
+# connections in order to oper up. It is highly recommended to load
+# this module if you use SSL on your network.
+# For how to use the oper features, please see the first
+# example <oper> tag in opers.conf.example.
 #
 #<module name="sslinfo">
+#
+# If you want to prevent users from viewing SSL certificate information
+# and fingerprints of other users, set operonly to yes.
+#<sslinfo operonly="no">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # mbedTLS SSL module: Adds support for SSL/TLS connections using mbedTLS.
 #<module name="ssl_mbedtls">
+#
+#-#-#-#-#-#-#-#-#-#-#- MBEDTLS CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#
+#                                                                     #
+# ssl_mbedtls is too complex to describe here, see the docs:          #
+# https://docs.inspircd.org/3/modules/ssl_mbedtls                     #
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# OpenSSL SSL module: Adds support for SSL connections using OpenSSL,
+# OpenSSL SSL module: Adds support for SSL/TLS connections using OpenSSL,
 # if enabled. You must answer 'yes' in ./configure when asked or symlink
 # the source for this module from the directory src/modules/extra, if
 # you want to enable this, or it will not load.
@@ -2179,7 +2189,7 @@
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # StartTLS module: Implements STARTTLS, which allows clients          #
 # connected to non SSL enabled ports to enable SSL, if a proper SSL   #
-# module is loaded (either ssl_gnutls or ssl_openssl).                #
+# module is loaded (either ssl_gnutls, ssl_mbedtls or ssl_openssl).   #
 #<module name="starttls">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#