diff options
| -rw-r--r-- | bitlbee.conf | 20 | ||||
| -rw-r--r-- | doc/user-guide/commands.xml | 24 |
2 files changed, 39 insertions, 5 deletions
diff --git a/bitlbee.conf b/bitlbee.conf index c5dafd9f..e0b74f41 100644 --- a/bitlbee.conf +++ b/bitlbee.conf @@ -115,9 +115,9 @@ ## ## (Obviously, the username and password are optional) ## -## Proxy = http://john:doe@proxy.localnet.com:8080 -## Proxy = socks4://socksproxy.localnet.com -## Proxy = socks5://socksproxy.localnet.com +# Proxy = http://john:doe@proxy.localnet.com:8080 +# Proxy = socks4://socksproxy.localnet.com +# Proxy = socks5://socksproxy.localnet.com ## Protocols offered by bitlbee ## @@ -125,8 +125,20 @@ ## allows to remove the support of protocol, even if compiled in. If ## nothing is given, there are no restrictions. ## -## Protocols = jabber yahoo +# Protocols = jabber yahoo +## Trusted CAs +## +## Path to a file containing a list of trusted certificate authorities used in +## the verification of server certificates. +## +## Uncomment this and make sure the file actually exists and contains all +## certificate authorities you're willing to accept (default value should +## work on at least Debian/Ubuntu systems with the "ca-certificates" package +## installed). As long as the line is commented out, SSL certificate +## verification is completely disabled. +## +# CAfile = /etc/ssl/certs/ca-certificates.crt [defaults] diff --git a/doc/user-guide/commands.xml b/doc/user-guide/commands.xml index 3a9202dc..eb050c31 100644 --- a/doc/user-guide/commands.xml +++ b/doc/user-guide/commands.xml @@ -1391,7 +1391,11 @@ <description> <para> - Currently only available for Jabber connections. Set this to true if the server accepts SSL connections. + Currently only available for Jabber connections. Set this to true if you want to connect to the server on an SSL-enabled port (usually 5223). + </para> + + <para> + Please note that this method of establishing a secure connection to the server has long been deprecated. You are encouraged to look at the <emphasis>tls</emphasis> setting instead. </para> </description> </bitlbee-setting> @@ -1484,6 +1488,24 @@ </description> </bitlbee-setting> + <bitlbee-setting name="tls_verify" type="boolean" scope="account"> + <default>true</default> + + <description> + <para> + Currently only available for Jabber connections in combination with the <emphasis>tls</emphasis> setting. Set this to <emphasis>true</emphasis> if you want BitlBee to strictly verify the server's certificate against a list of trusted certificate authorities. + </para> + + <para> + The hostname used in the certificate verification is the value of the <emphasis>server</emphasis> setting if the latter is nonempty and the domain of the username else. If you get a hostname related error when connecting to Google Talk with a username from the gmail.com or googlemail.com domain, please try to empty the <emphasis>server</emphasis> setting. + </para> + + <para> + Please note that no certificate verification is performed when the <emphasis>ssl</emphasis> setting is used, or when the CAfile setting in bitlbee.conf is not set. + </para> + </description> + </bitlbee-setting> + <bitlbee-setting name="to_char" type="string" scope="global"> <default>": "</default> |