From: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 27 Oct 2020 08:00:26 +0000 (+0100)
Subject: - In man page note that tls-cert-bundle is read before permission
X-Git-Tag: release-1.13.0rc1~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d104727c911cc6147bdec458831c606ecc853da6;p=thirdparty%2Funbound.git

- In man page note that tls-cert-bundle is read before permission
  drop and chroot.
---

diff --git a/doc/Changelog b/doc/Changelog
index 1201081d2..181aaad05 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+27 October 2020: Wouter
+	- In man page note that tls-cert-bundle is read before permission
+	  drop and chroot.
+
 22 October 2020: Wouter
 	- Fix #333: Unbound Segmentation Fault w/ log_info Functions From
 	  Python Mod.
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index 0b73480aa..84805f90f 100644
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -522,7 +522,8 @@ Alternate syntax for \fBtls\-port\fR.
 If null or "", no file is used.  Set it to the certificate bundle file,
 for example "/etc/pki/tls/certs/ca\-bundle.crt".  These certificates are used
 for authenticating connections made to outside peers.  For example auth\-zone
-urls, and also DNS over TLS connections.
+urls, and also DNS over TLS connections.  It is read at start up before
+permission drop and chroot.
 .TP
 .B ssl\-cert\-bundle: \fI<file>
 Alternate syntax for \fBtls\-cert\-bundle\fR.