delay_warning = 1h : 24h : 2d
SECTION(global, tls)m4_dnl
-tls_certificate = CONF_sysconf_dir/server.certlist
+tls_certificate = CONF_certlist
tls_privatekey = CONF_sysconf_dir/server.key
tls_advertise_hosts = ${if exists {CONF_sysconf_dir/server.key} {*}{}}
tls_dhparam = CONF_ca_dir/dh-param-2048.pem
; 172.29.198.161 ; 2001:ba8:1d9:a000::1:1 m4_dnl national
)
+## TLS certificate list.
+DEFCONF(certlist, CONF_sysconf_dir/server.certlist)
+
## TLS-related settings. We're assuming GNUTLS here, rather than OpenSSL.
## For local connections we are very strict. For random clients, we try
## fairly hard to encourage any kind of crypto on the grounds that probably