commit 0acef7c598765e4cd786b875395c6601f7e41a19
from: Florian Westphal <fw@strlen.de>
date: Fri Jan 09 20:33:19 2009 UTC

documentation: gnutls does not support password-protected privkeys

already mentioned in man page and sample config file, but for
completeness also document it in doc/SSL.txt.

commit - 00c8dfa8beed7d5765f6f765714a72cb01832cac
commit + 0acef7c598765e4cd786b875395c6601f7e41a19
blob - 6b590b8681ee872633597f7dfc1928f3bf83a8f3
blob + 7207f1bf6c21ce61ca488e94c8303df1557c67ed
--- doc/SSL.txt
+++ doc/SSL.txt
@@ -20,8 +20,11 @@ options of the ./configure script to enable it:
   --with-openssl     enable SSL support using OpenSSL
   --with-gnutls      enable SSL support using GnuTLS
 
-You need a SSL certificate, see below for how to create a self-signed one.
+You also need a key/certificate, see below for how to create a self-signed one.
 
+From a feature point of view, ngIRCds support for both libraries is
+comparable. The only major difference (at this time) is that ngircd with gnutls
+does not support password protected private keys.
 
 Configuration
 ~~~~~~~~~~~~~
@@ -64,7 +67,7 @@ Create DH parameters (optional):
 Alternate approach using stunnel(1)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Alternatively (or if you are using ngIRCd without compiled without support
+Alternatively (or if you are using ngIRCd compiled without support
 for GnuTLS/OpenSSL), you can use external programs/tools like stunnel(1) to
 get SSL encrypted connections:
 
@@ -101,4 +104,7 @@ short "how-to", thanks Stefan!
 
     That's it.
     Don't forget to activate ssl support in your irc client ;)
+    The main drawback of this approach compared to using builtin ssl
+    is that from ngIRCds point of view, all ssl-enabled client connections will
+    originate from the host running stunnel.
 === snip ===