From a00157c59640cbc341e0d4110d4e853c3da20908 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Sat, 30 Jan 2021 14:15:10 +0100 Subject: --version: print default cert paths, and document SSL_CERT_* in manpage When Gene Heskett was updating his OpenSSL on Debian oldstable, we figured that it might be helpful to print where OpenSSL goes look for the trusted certificate. Add this information. Also add documentation of OpenSSL's SSL_CERT_DIR/SSL_CERT_FILE environment variables. --- NEWS | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 517fac1a..c386abaf 100644 --- a/NEWS +++ b/NEWS @@ -81,6 +81,19 @@ fetchmail-6.4.16 (not yet released): 6.2.5 to 6.4.X duplicate suppression by entire raw header. Manpage bug found by Julian Bane debugging "duplicate message" behaviour. +# FEATURE +* fetchmail --version [fetchmail -V] now queries and prints the SSL/TLS + library's "SSL default trusted certificate" file or directory (mind the word + "default"), where the OpenSSL-compatible TLS implementation will look for + trusted root, meaning certification authority (CA), certificates. + NOTE 1: watch the output carefully if the line prints the defaults + or the configured path (without "default"). + NOTE 2: SSL_CERT_DIR and SSL_CERT_FILE are documented environment variables + for OpenSSL 1.1.1 to override the *default* locations (those compiled into + OpenSSL or possibly in its configuration file). + This was added when Gene Heskett was debugging his setup and the + information "where does OpenSSL look" was missing. + # KNOWN BUGS AND WORKAROUNDS (This section floats upwards through the NEWS file so it stays with the current release information) -- cgit v1.2.3