From 3948bb44ff30ebda9837480c42de7f0d384e4cb9 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Fri, 7 Mar 2008 13:16:58 +0000
Subject: Merge Daniel Richard G.'s --sslcommonname option. Exception from
 no-features policy on 6.3.X is made to keep people away from doing more
 dangerous things in order to get rid of CommonName mismatch warnings.

svn path=/branches/BRANCH_6-3/; revision=5165
---
 fetchmail.man | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'fetchmail.man')

diff --git a/fetchmail.man b/fetchmail.man
index 2db1689c..6e4a254c 100644
--- a/fetchmail.man
+++ b/fetchmail.man
@@ -439,6 +439,18 @@ it - every time you add or modify a certificate in the directory, you need
 to use the \fBc_rehash\fR tool (which comes with OpenSSL in the tools/
 subdirectory).
 .TP
+.B \-\-sslcommonname <common name>
+(Keyword: sslcommonname)
+Use of this option is discouraged. Before using it, contact your
+upstream and ask for a proper SSL certificate to be used. If the
+upstream is clueless, this option can be used to specify the name
+(CommonName) that fetchmail expects on the server certificate.  A
+correctly configured server will have this set to the hostname by which
+it is reached, and by default fetchmail will expect as much. Use this
+option when the CommonName is set to some other value, to avoid the
+"Server CommonName mismatch" warning, and only if the upstream can't be
+made to use proper certificates.
+.TP
 .B \-\-sslfingerprint <fingerprint>
 (Keyword: sslfingerprint)
 Specify the fingerprint of the server key (an MD5 hash of the key) in
-- 
cgit v1.2.3