improve documentation on certificate authentication
Now the bits and pieces are all over the documentation but there is not a single section which can answer all the following:
- how the CA trust store is set, system vs custom, system via p11-kit DB vs files
- what do the verify functions cover (verification of signatures, checking for right name, checking against OCSP responses, CRL lists, blacklists in case of p11-kit DB, etc)
- trust lists
We should re-organize and add documentation in order to provide an easy to read section for users to understand the current certificate validation subsystem.