|
When I completed TOOLS-1142, I didn't think that documentation was needed, but now I realize that there are a couple of changes that should be made.
In the old functionality, if one didn't supply a --sslCAFile flag, we didn't validate certificates. So that the absence of --sslCAFile was treated like the presence of --sslAllowInvalidCertificates. There is a warning to this effect. The warning is now out of date, and should be updated to reflect that this only occurred in 3.0 and 3.2.
In the new functionality, if one don't specify a --sslCAFile, we load the system CA file. This means that we probably want to reword the documentation of --sslCAFile to indicate that proving a CA File causes the certs to be validated against the provided CA file instead of being validated against the system CA file.
|