doh_client_x509_auth: make it clear that root_ca is optional

This commit is contained in:
Frank Denis 2020-06-08 18:09:37 +02:00
parent 5db4365540
commit d766dc8bf7
1 changed files with 5 additions and 3 deletions

View File

@ -643,12 +643,14 @@ fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familys
# Use a X509 certificate to authenticate yourself when connecting to DoH servers.
# This is only useful if you are operating your own, private DoH server(s).
# (for DNSCrypt, see the `query_meta` feature instead)
# 'creds' maps servers to certificates, and supports multiple entries.
# If you are not using the standard root CA, an optional "root_ca"
# property set to the path to a root CRT file can be added to a server entry.
# [doh_client_x509_auth]
#
# creds = [
# { server_name='myserver', client_cert='client.crt', client_key='client.key', root_ca='ca.crt' }
# { server_name='myserver', client_cert='client.crt', client_key='client.key' }
# ]