Imported Upstream version 2.7.1

docs/man/upsmon.conf.5

@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: upsmon.conf
 .\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
-.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 08/07/2012
+.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+.\"      Date: 11/18/2013
 .\"    Manual: NUT Manual
-.\"    Source: Network UPS Tools
+.\"    Source: Network UPS Tools 2.7.1-pre2
 .\"  Language: English
 .\"
-.TH "UPSMON\&.CONF" "5" "08/07/2012" "Network UPS Tools" "NUT Manual"
+.TH "UPSMON\&.CONF" "5" "11/18/2013" "Network UPS Tools 2\&.7\&.1\-p" "NUT Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -171,7 +171,7 @@ If you need to use
 .sp
 Note that this is only called for NOTIFY events that have EXEC set with NOTIFYFLAG\&. See NOTIFYFLAG below for more details\&.
 .sp
-Making this some sort of shell script might not be a bad idea\&. For more information and ideas, see pager\&.txt in the docs directory\&.
+Making this some sort of shell script might not be a bad idea\&. For more information and ideas, see docs/scheduling\&.txt
 .sp
 Remember, this command also needs to be one element in the configuration file, so if your command has spaces, then wrap it in quotes\&.
 .sp
@@ -382,6 +382,52 @@ SHUTDOWNCMD "/sbin/shutdown \-h +0"
 .RE
 .\}
 .RE
+.PP
+\fBCERTPATH\fR \fIcertificate file or database\fR
+.RS 4
+When compiled with SSL support, you can enter the certificate path here\&.
+.PP
+With NSS:
+.RS 4
+Certificates are stored in a dedicated database (splitted in 3 files)\&. Specify the path of the database directory\&.
+.RE
+.PP
+With OpenSSL:
+.RS 4
+Directory containing CA certificates in PEM format, used to verify the server certificate presented by the upsd server\&. The files each contain one CA certificate\&. The files are looked up by the CA subject name hash value, which must hence be available\&.
+.RE
+.RE
+.PP
+\fBCERTIDENT\fR \fIcertificate name\fR \fIdatabase password\fR
+.RS 4
+When compiled with SSL support with NSS, you can specify the certificate name to retrieve from database to authenticate itself and the password required to access certificate related private key\&.
+.RE
+.PP
+\fBCERTHOST\fR \fIhostname\fR \fIcertificate name\fR \fIcertverify\fR \fIforcessl\fR
+.RS 4
+When compiled with SSL support with NSS, you can specify security directive for each server you can contact\&.
+.sp
+Each entry maps server name with the expected certificate name and flags indicating if the server certificate is verified and if the connection must be secure\&.
+.RE
+.PP
+\fBCERTVERIFY\fR \fI0 | 1\fR
+.RS 4
+When compiled with SSL support, make upsmon verify all connections with certificates\&.
+.sp
+Without this, there is no guarantee that the upsd is the right host\&. Enabling this greatly reduces the risk of man\-in\-the\-middle attacks\&. This effectively forces the use of SSL, so don\(cqt use this unless all of your upsd hosts are ready for SSL and have their certificates in order\&.
+.sp
+When compiled with NSS support of SSL, can be overriden for host specified with a CERTHOST directive\&.
+.RE
+.PP
+\fBFORCESSL\fR \fI0 | 1\fR
+.RS 4
+When compiled with SSL, specify that a secured connection must be used to communicate with upsd\&.
+.sp
+If you don\(cqt use
+\fICERTVERIFY 1\fR, then this will at least make sure that nobody can sniff your sessions without a large effort\&. Setting this will make upsmon drop connections if the remote upsd doesn\(cqt support SSL, so don\(cqt use it unless all of them have it running\&.
+.sp
+When compiled with NSS support of SSL, can be overriden for host specified with a CERTHOST directive\&.
+.RE
 .SH "SEE ALSO"
 .sp
 \fBupsmon\fR(8), \fBupsd\fR(8), \fBnutupsdrv\fR(8)\&.