From a8ad6b6531fae1c96cbda9248ee4d23d686b977c Mon Sep 17 00:00:00 2001
From: Tomas Kopecek <tkopecek@redhat.com>
Date: May 31 2021 13:20:01 +0000
Subject: [PATCH 1/2] drop old ClientCA reference


---

diff --git a/docs/source/server_howto.rst b/docs/source/server_howto.rst
index 0982285..2da3190 100644
--- a/docs/source/server_howto.rst
+++ b/docs/source/server_howto.rst
@@ -1008,7 +1008,6 @@ override all these values. So, you can use e.g.
 
     ## SSL authentication options
     ; WebCert = /etc/pki/koji/koji-web.pem
-    ; ClientCA = /etc/pki/koji/ca_cert.crt
     ; KojiHubCA = /etc/pki/koji/ca_cert.crt
 
     LoginTimeout = 72

From db057496a4a8893b4170e4188056dfde05e25e0a Mon Sep 17 00:00:00 2001
From: Tomas Kopecek <tkopecek@redhat.com>
Date: May 31 2021 13:30:47 +0000
Subject: [PATCH 2/2] web: better docs for KojiHubCA


Related: https://pagure.io/koji/issue/2878

---

diff --git a/www/conf/web.conf b/www/conf/web.conf
index 2be8578..4da640d 100644
--- a/www/conf/web.conf
+++ b/www/conf/web.conf
@@ -17,6 +17,8 @@ KojiFilesURL = http://server.example.com/kojifiles
 
 # SSL authentication options
 # WebCert = /etc/kojiweb/kojiweb.crt
+# KojiHubCA needs to be set only if system-wide CA bundle doesn't contain
+# it already. Note, that it will override that bundle.
 # KojiHubCA = /etc/kojiweb/kojihubca.crt
 
 LoginTimeout = 72