From 2de7d2acfa285a571ca8fc0d21e9e382678f6087 Mon Sep 17 00:00:00 2001 From: Alexis Date: Thu, 23 Dec 2021 22:12:16 +1100 Subject: [PATCH] Update to 2.5.1.0. --- man8/s6-tlsd-io.8 | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/man8/s6-tlsd-io.8 b/man8/s6-tlsd-io.8 index f8fefca..a48d92a 100644 --- a/man8/s6-tlsd-io.8 +++ b/man8/s6-tlsd-io.8 @@ -236,6 +236,27 @@ and .Ev CERTFILE variables will be entirely ignored. .Pp +You can wildcard the first level of a SNI domain: you can point to a +valid certificate for +.Ql Ar foo Ns .example.com +for all values of +.Ar foo +via a variable called +.Ev CERTFILE:*.example.com +.Po +and have the corresponding +.Ev KEYFILE:*.example.com +.Pc . +Only the first level can be wildcarded, and this does not work for +top-level domains +.Po +you cannot hold a certificate for +.Ql *.com +.Pc . +Note: if you are using a shell to handle your environment variables, +be careful to properly quote them so that it does not attempt to +expand the asterisks. +.Pp If you are using client certificates, .Nm also requires either one of the following variables to be set: -- 2.45.2