tests: Add detailed test for OF1.0 match decoding and encoding.

[openvswitch] / lib / ssl-peer-ca-cert.man

diff --git a/lib/ssl-peer-ca-cert.man b/lib/ssl-peer-ca-cert.man
index 183f93ea24db62c614446a13e02a43a2a7595ce1..5450b9ef477c3d8837c50558cf13927a469c58cd 100644 (file)
--- a/lib/ssl-peer-ca-cert.man
+++ b/lib/ssl-peer-ca-cert.man
@@ -1,12 +1,13 @@
-.IP "\fB--peer-ca-cert=\fIpeer-cacert.pem\fR"
+.IP "\fB\-\-peer\-ca\-cert=\fIpeer-cacert.pem\fR"

 Specifies a PEM file that contains one or more additional certificates
 to send to SSL peers.  \fIpeer-cacert.pem\fR should be the CA
 Specifies a PEM file that contains one or more additional certificates
 to send to SSL peers.  \fIpeer-cacert.pem\fR should be the CA

-certificate used to sign the \fB\*(PN\fR own certificate (the
-certificate specified on \fB-c\fR or \fB--certificate\fR).
+certificate used to sign \fB\*(PN\fR's own certificate, that is, the
+certificate specified on \fB\-c\fR or \fB\-\-certificate\fR.  If
+\fB\*(PN\fR's certificate is self-signed, then \fB\-\-certificate\fR
+and \fB\-\-peer\-ca\-cert\fR should specify the same file.

 .IP
 This option is not useful in normal operation, because the SSL peer
 must already have the CA certificate for the peer to have any
 .IP
 This option is not useful in normal operation, because the SSL peer
 must already have the CA certificate for the peer to have any

-confidence in \fB\*(PN\fR's identity.  However, this option allows a
-newly installed switch to obtain the peer CA certificate on first boot
-using, e.g., the \fB\-\-bootstrap-ca-cert\fR option to
-\fBovs\-openflowd\fR(8).
+confidence in \fB\*(PN\fR's identity.  However, this offers a way for
+a new installation to bootstrap the CA certificate on its first SSL
+connection.