From 6404663b4588d606adfc06dbceeca24a4c748122 Mon Sep 17 00:00:00 2001
From: Luke Bratch <luke@bratch.co.uk>
Date: Thu, 2 Apr 2026 21:13:20 +0200
Subject: Remove/update deprecated OpenSSL functions, change certificate PEM
 loading to allow loading a chain rather than just a single certificate.

---
 config.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'config.c')

diff --git a/config.c b/config.c
index 2a8db43..2bfb38c 100644
--- a/config.c
+++ b/config.c
@@ -398,11 +398,13 @@ int createconfigfile(char *filename) {
   "# Things such as the logs directory will be placed below this\n"
   "#basedir = \"/home/foo/.blabouncer/\"\n"
   "\n"
-  "# Certificate file (defaults to <basedir>/cert.pem)\n"
+  "# Certificate chain PEM file (defaults to <basedir>/cert.pem)\n"
+  "# Can contain either a single certificate, or a chain of certificates starting with the subject and\n"
+  "# ending with the root issuer\n"
   "# If clienttls = \"0\" then this need not be set\n"
   "#certfile = \"/home/foo/.blabouncer/cert.pem\"\n"
   "\n"
-  "# Certificate key file (defaults to <basedir>/key.pem)\n"
+  "# Private key PEM file (defaults to <basedir>/key.pem)\n"
   "# If clienttls = \"0\" then this need not be set\n"
   "#keyfile = \"/home/foo/.blabouncer/key.pem\"\n"
   "\n"
-- 
cgit v1.3