- In man page note that tls-cert-bundle is read before permission

drop and chroot.
2024-09-21 14:47:09 +00:00 · 2020-10-27 09:00:26 +01:00 · 2020-10-27 09:00:26 +01:00 · d104727c91
commit d104727c91
parent 4990dae87d
2 changed files with 6 additions and 1 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,3 +1,7 @@
+27 October 2020: Wouter
+	- In man page note that tls-cert-bundle is read before permission
+	  drop and chroot.
+
 22 October 2020: Wouter
 	- Fix #333: Unbound Segmentation Fault w/ log_info Functions From
 	  Python Mod.
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@ -522,7 +522,8 @@ Alternate syntax for \fBtls\-port\fR.
 If null or "", no file is used.  Set it to the certificate bundle file,
 for example "/etc/pki/tls/certs/ca\-bundle.crt".  These certificates are used
 for authenticating connections made to outside peers.  For example auth\-zone
-urls, and also DNS over TLS connections.
+urls, and also DNS over TLS connections.  It is read at start up before
+permission drop and chroot.
 .TP
 .B ssl\-cert\-bundle: \fI<file>
 Alternate syntax for \fBtls\-cert\-bundle\fR.