base/SOURCES/openldap-openssl-manpage-defaultCA.patch

Reference default system-wide CA certificates in manpages

OpenSSL, unless explicitly configured, uses system-wide default set of CA
certificates.

Author: Matus Honek <mhonek@redhat.com>

diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
--- a/doc/man/man5/ldap.conf.5
+++ b/doc/man/man5/ldap.conf.5
@@ -307,6 +307,9 @@ are more options you can specify.  These options are used when an
 .B ldaps:// URI
 is selected (by default or otherwise) or when the application
 negotiates TLS by issuing the LDAP StartTLS operation.
+.LP
+When using OpenSSL, if neither  \fBTLS_CACERT\fP nor \fBTLS_CACERTDIR\fP
+is set, the system-wide default set of CA certificates is used.
 .TP
 .B TLS_CACERT <filename>
 Specifies the file that contains certificates for all of the Certificate
diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5
--- a/doc/man/man5/slapd-config.5
+++ b/doc/man/man5/slapd-config.5
@@ -801,6 +801,10 @@ If
 .B slapd
 is built with support for Transport Layer Security, there are more options
 you can specify.
+.LP
+When using OpenSSL, if neither  \fBolcTLSCACertificateFile\fP nor
+\fBolcTLSCACertificatePath\fP is set, the system-wide default set of CA
+certificates is used.
 .TP
 .B olcTLSCipherSuite: <cipher-suite-spec>
 Permits configuring what ciphers will be accepted and the preference order.
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -1032,6 +1032,10 @@ If
 .B slapd
 is built with support for Transport Layer Security, there are more options
 you can specify.
+.LP
+When using OpenSSL, if neither  \fBTLSCACertificateFile\fP nor
+\fBTLSCACertificatePath\fP is set, the system-wide default set of CA
+certificates is used.
 .TP
 .B TLSCipherSuite <cipher-suite-spec>
 Permits configuring what ciphers will be accepted and the preference order.