--version: print default cert paths, and document SSL_CERT_* in manpage

When Gene Heskett was updating his OpenSSL on Debian oldstable, we figured
that it might be helpful to print where OpenSSL goes look for the trusted
certificate. Add this information.

Also add documentation of OpenSSL's SSL_CERT_DIR/SSL_CERT_FILE environment
variables.

1 files changed, 13 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index 517fac1a..c386abaf 100644
--- a/NEWS
+++ b/NEWS
@@ -81,6 +81,19 @@ fetchmail-6.4.16 (not yet released):
   6.2.5 to 6.4.X duplicate suppression by entire raw header.
   Manpage bug found by Julian Bane debugging "duplicate message" behaviour.
 
+# FEATURE
+* fetchmail --version [fetchmail -V] now queries and prints the SSL/TLS
+  library's "SSL default trusted certificate" file or directory (mind the word
+  "default"), where the OpenSSL-compatible TLS implementation will look for
+  trusted root, meaning certification authority (CA), certificates.
+  NOTE 1: watch the output carefully if the line prints the defaults
+  or the configured path (without "default").
+  NOTE 2: SSL_CERT_DIR and SSL_CERT_FILE are documented environment variables
+  for OpenSSL 1.1.1 to override the *default* locations (those compiled into
+  OpenSSL or possibly in its configuration file).
+  This was added when Gene Heskett was debugging his setup and the
+  information "where does OpenSSL look" was missing.
+
 # KNOWN BUGS AND WORKAROUNDS
   (This section floats upwards through the NEWS file so it stays with the
   current release information)