Improve documentation of `cacert_file` ssl option

The documentation was incorrect insofar that it only described its functionality for client verification, although the configuration is used for server verification as well.
author: Klaus Trainer <klaus_trainer@apache.org> 2014-10-27 11:55:14 +0100
committer: Klaus Trainer <klaus_trainer@apache.org> 2014-10-27 12:00:51 +0100
commit: 61d33cb64124535571e61e6ba1b5f353fb297a40 (patch)
tree: 384b4ff033836bb8992b153a3a71cdf8fcf52829
parent: 164cf5ed24cd79fbe3b308181de4cf6e4f33234e (diff)
download: couchdb-61d33cb64124535571e61e6ba1b5f353fb297a40.tar.gz
1 files changed, 6 insertions, 3 deletions
diff --git a/share/doc/src/config/http.rst b/share/doc/src/config/http.rst
index 1ae3abeaa..4084be5e0 100644
--- a/share/doc/src/config/http.rst
+++ b/share/doc/src/config/http.rst
@@ -329,9 +329,12 @@ Secure Socket Level Options
 
   .. config:option:: cacert_file :: CA Certificate file
 
-    Path to file containing PEM encoded CA certificates (trusted certificates
-    used for verifying a peer certificate). May be omitted if you do not want
-    to verify the peer::
+    The path to a file containing PEM encoded CA certificates. The CA
+    certificates are used to build the server certificate chain, and for client
+    authentication. Also the CAs are used in the list of acceptable client CAs
+    passed to the client when a certificate is requested. May be omitted if
+    there is no need to verify the client and if there are not any intermediate
+    CAs for the server certificate::
 
       [ssl]
       cacert_file = /etc/ssl/certs/ca-certificates.crt
author	Klaus Trainer <klaus_trainer@apache.org>	2014-10-27 11:55:14 +0100
committer	Klaus Trainer <klaus_trainer@apache.org>	2014-10-27 12:00:51 +0100
commit	61d33cb64124535571e61e6ba1b5f353fb297a40 (patch)
tree	384b4ff033836bb8992b153a3a71cdf8fcf52829
parent	164cf5ed24cd79fbe3b308181de4cf6e4f33234e (diff)
download	couchdb-61d33cb64124535571e61e6ba1b5f353fb297a40.tar.gz