Docs: note caching of auto-generated server certificate

author Jeremy Harris <jgh146exb@wizmail.org>

Sun, 18 Apr 2021 21:37:10 +0000 (22:37 +0100)

committer Jeremy Harris <jgh146exb@wizmail.org>

Sun, 18 Apr 2021 21:37:10 +0000 (22:37 +0100)
author Jeremy Harris <jgh146exb@wizmail.org>
Sun, 18 Apr 2021 21:37:10 +0000 (22:37 +0100)
committer Jeremy Harris <jgh146exb@wizmail.org>
Sun, 18 Apr 2021 21:37:10 +0000 (22:37 +0100)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt

index 56da191fa63da6e2d4c8b9e1416bce3d2c55a721..1c7cf8eeefc2c8621f80bfa5eb00795c21dfafc0 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -18341,8 +18341,12 @@ if the OpenSSL build supports TLS extensions and the TLS client sends the
  Server Name Indication extension, then this option and others documented in
  &<<SECTtlssni>>& will be re-expanded.
  
-If this option is unset or empty a fresh self-signed certificate will be
-generated for every connection.
+If this option is unset or empty a self-signed certificate will be
+.new
+used.
+Under Linux this is generated at daemon startup; on other platforms it will be
+generated fresh for every connection.
+.wen
  
  .option tls_crl main string&!! unset
  .cindex "TLS" "server certificate revocation list"
author	Jeremy Harris <jgh146exb@wizmail.org>
	Sun, 18 Apr 2021 21:37:10 +0000 (22:37 +0100)
committer	Jeremy Harris <jgh146exb@wizmail.org>
	Sun, 18 Apr 2021 21:37:10 +0000 (22:37 +0100)