From 535c964b8a4855448b8cc39ec301831a2b96c3a9 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 18 Apr 2021 22:37:10 +0100 Subject: [PATCH] Docs: note caching of auto-generated server certificate --- doc/doc-docbook/spec.xfpt | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 56da191fa..1c7cf8eee 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -18341,8 +18341,12 @@ if the OpenSSL build supports TLS extensions and the TLS client sends the Server Name Indication extension, then this option and others documented in &<>& will be re-expanded. -If this option is unset or empty a fresh self-signed certificate will be -generated for every connection. +If this option is unset or empty a self-signed certificate will be +.new +used. +Under Linux this is generated at daemon startup; on other platforms it will be +generated fresh for every connection. +.wen .option tls_crl main string&!! unset .cindex "TLS" "server certificate revocation list" -- 2.39.5