Changeset 25b05b7

Timestamp:

2011-12-19T17:34:06Z (12 years ago)

Author:

Wilmer van der Gaast <wilmer@…>

Branches:

master

Children:

a72dc2b

Parents:

af5764e

Message:

Doc update.

Files:

• bitlbee.conf (modified) (2 diffs)
• doc/user-guide/commands.xml (modified) (2 diffs)

bitlbee.conf

@@ -116 +116 @@
 ## (Obviously, the username and password are optional)
 ##
-## Proxy = http://john:doe@proxy.localnet.com:8080
-## Proxy = socks4://socksproxy.localnet.com
-## Proxy = socks5://socksproxy.localnet.com
+# Proxy = http://john:doe@proxy.localnet.com:8080
+# Proxy = socks4://socksproxy.localnet.com
+# Proxy = socks5://socksproxy.localnet.com
 
 ## Protocols offered by bitlbee
@@ -126 +126 @@
 ## nothing is given, there are no restrictions.
 ## 
-## Protocols = jabber yahoo
+# Protocols = jabber yahoo
 
+## Trusted CAs
+##
+## Path to a file containing a list of trusted certificate authorities used in
+## the verification of server certificates.
+##
+## Uncomment this and make sure the file actually exists and contains all
+## certificate authorities you're willing to accept (default value should
+## work on at least Debian/Ubuntu systems with the "ca-certificates" package
+## installed). As long as the line is commented out, SSL certificate
+## verification is completely disabled.
+##
+# CAfile = /etc/ssl/certs/ca-certificates.crt
 
 [defaults]

doc/user-guide/commands.xml

@@ -1392 +1392 @@
                 <description>
                         <para>
-                                Currently only available for Jabber connections. Set this to true if the server accepts SSL connections.
+                                Currently only available for Jabber connections. Set this to true if you want to connect to the server on an SSL-enabled port (usually 5223).
+                        </para>
+
+                        <para>
+                                Please note that this method of establishing a secure connection to the server has long been deprecated. You are encouraged to look at the <emphasis>tls</emphasis> setting instead.
                         </para>
                 </description>
@@ -1481 +1485 @@
                         <para>
                                 If you want to force BitlBee to use TLS sessions only (and to give up if that doesn't seem to be possible) you can set this setting to <emphasis>true</emphasis>. Set it to <emphasis>false</emphasis> if you want the session to remain plain-text.
+                        </para>
+                </description>
+        </bitlbee-setting>
+
+        <bitlbee-setting name="tls_verify" type="boolean" scope="account">
+                <default>true</default>
+
+                <description>
+                        <para>
+                                Currently only available for Jabber connections in combination with the <emphasis>tls</emphasis> setting. Set this to <emphasis>true</emphasis> if you want BitlBee to strictly verify the server's certificate against a list of trusted certificate authorities.
+                        </para>
+
+                        <para>
+                                The hostname used in the certificate verification is the value of the <emphasis>server</emphasis> setting if the latter is nonempty and the domain of the username else. If you get a hostname related error when connecting to Google Talk with a username from the gmail.com or googlemail.com domain, please try to empty the <emphasis>server</emphasis> setting.
+                        </para>
+
+                        <para>
+                                Please note that no certificate verification is performed when the <emphasis>ssl</emphasis> setting is used, or when the CAfile setting in bitlbee.conf is not set.
                         </para>
                 </description>