diff options
| -rw-r--r-- | fetchmail.man | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/fetchmail.man b/fetchmail.man index 38d95aa6..2f526827 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -1226,7 +1226,8 @@ protocol and negotiate TLS via special command. The \-\-sslcertck command line or sslcertck run control file option should be used to force strict certificate checking - see below. .PP -.B \-\-sslcertck is recommended: When connecting to an SSL or TLS encrypted server, the +.B \-\-sslcertck is recommended: +When connecting to an SSL or TLS encrypted server, the server presents a certificate to the client for validation. The certificate is checked to verify that the common name in the certificate matches the name of the server being contacted and that the effective @@ -1238,7 +1239,7 @@ certificate. If the \-\-sslcertck command line option or sslcertck run control file option is used, fetchmail will instead abort if any of these checks fail, because it must assume that there is a man-in-the-middle attack in this scenario, hence fetchmail must not -expose cleartest passwords. Use of the sslcertck or \-\-sslcertck option +expose cleartext passwords. Use of the sslcertck or \-\-sslcertck option is therefore advised. .PP Some SSL encrypted servers may request a client side certificate. A client |