From 37c31eeae0bdaad6ea6b6038459b0553115f7e2e Mon Sep 17 00:00:00 2001
From: osmarks <me@osmarks.net>
Date: Sun, 4 Aug 2024 17:05:10 +0100
Subject: Update documentation on CAFile

ngIRCd 27 now checks server certificates, and without `CAFile` set will
reject all server/server connections with a confusing error.

Update documentation to say that `CAFile` is needed to accept incoming
server connections.

Closes #320.
---
 doc/SSL.md | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/doc/SSL.md b/doc/SSL.md
index a2e029b2..c457e60e 100644
--- a/doc/SSL.md
+++ b/doc/SSL.md
@@ -26,7 +26,7 @@ SSL-encrypted connections and plain-text connects can't run on the same network
 port (which is a limitation of the IRC protocol); therefore you have to define
 separate port(s) in your `[SSL]` block in the configuration file.
 
-A minimal configuration for *accepting* SSL-encrypted client & server
+A minimal configuration for *accepting* SSL-encrypted client
 connections looks like this:
 
 ``` ini
@@ -36,11 +36,12 @@ KeyFile = /etc/ssl/certs/my-privkey.pem
 Ports = 6697, 6698
 ```
 
-In this case, the server only deals with *incoming* connections and never has to
-validate SSL certificates itself, and therefore no "Certificate Authorities" are
-needed.
+In this case, the server only deals with unauthenticated incoming
+connections and never has to validate SSL certificates itself, and therefore
+no "Certificate Authorities" are needed.
 
-If you want to use *outgoing* SSL-connections to other servers, you need to add:
+If you want to use *outgoing* SSL-connections to other servers or accept
+incoming *server* connections, you need to add:
 
 ``` ini
 [SSL]
-- 
cgit 1.4.1