X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=lib%2Fssl.man;h=5f0215c01fbe866ead5e34cf744b29255287d361;hb=HEAD;hp=29e3db04fccf6887735f84cd750f10248e3436d2;hpb=02dd3123a0e312f1d33403e744af52dd6096f12d;p=sliver-openvswitch.git

diff --git a/lib/ssl.man b/lib/ssl.man
index 29e3db04f..5f0215c01 100644
--- a/lib/ssl.man
+++ b/lib/ssl.man
@@ -1,4 +1,8 @@
-.SS "Public Key Infrastructure Options"
+.de IQ
+.  br
+.  ns
+.  IP "\\$1"
+..
 .IP "\fB\-p\fR \fIprivkey.pem\fR"
 .IQ "\fB\-\-private\-key=\fIprivkey.pem\fR"
 Specifies a PEM file containing the private key used as \fB\*(PN\fR's
@@ -11,10 +15,16 @@ private key specified on \fB\-p\fR or \fB\-\-private\-key\fR to be
 trustworthy.  The certificate must be signed by the certificate
 authority (CA) that the peer in SSL connections will use to verify it.
 .
-.IP "\fB\-C\fR \fIswitch\-cacert.pem\fR"
-.IQ "\fB\-\-ca\-cert=\fIswitch\-cacert.pem\fR"
+.IP "\fB\-C\fR \fIcacert.pem\fR"
+.IQ "\fB\-\-ca\-cert=\fIcacert.pem\fR"
 Specifies a PEM file containing the CA certificate that \fB\*(PN\fR
 should use to verify certificates presented to it by SSL peers.  (This
 may be the same certificate that SSL peers use to verify the
 certificate specified on \fB\-c\fR or \fB\-\-certificate\fR, or it may
-beq a different one, depending on the PKI design in use.)
+be a different one, depending on the PKI design in use.)
+.
+.IP "\fB\-C none\fR"
+.IQ "\fB\-\-ca\-cert=none\fR"
+Disables verification of certificates presented by SSL peers.  This
+introduces a security risk, because it means that certificates cannot
+be verified to be those of known trusted hosts.