Cherry-pick "Clarify that "CAFile" is not set by default"

debian/patches/1713563399.rel-27-rc1-6-g3e3f6cbe.clarify-that-cafile-is-not-set-by-default.patch

@@ -0,0 +1,28 @@
+Subject: Clarify that "CAFile" is not set by default
+Origin: rel-27-rc1-6-g3e3f6cbe
+Upstream-Author: Alexander Barton <alex@barton.de>
+Date: Fri Apr 19 23:49:59 2024 +0200
+
+--- a/doc/sample-ngircd.conf.tmpl
++++ b/doc/sample-ngircd.conf.tmpl
+@@ -266,7 +266,8 @@
+ 	# is only available when ngIRCd is compiled with support for SSL!
+ 	# So don't forget to remove the ";" above if this is the case ...
+ 
+-	# SSL Trusted CA Certificates File (for verifying peer certificates)
++	# SSL Trusted CA Certificates File for verifying peer certificates.
++	# (Default: not set; so no certificates are trusted)
+ 	;CAFile = /etc/ssl/CA/cacert.pem
+ 
+ 	# Certificate Revocation File (for marking otherwise valid
+--- a/man/ngircd.conf.5.tmpl
++++ b/man/ngircd.conf.5.tmpl
+@@ -387,7 +387,7 @@
+ .TP
+ \fBCAFile\fR (string)
+ Filename pointing to the Trusted CA Certificates. This is required for
+-verifying peer certificates.
++verifying peer certificates. Default: not set, so no certificates are trusted.
+ .TP
+ \fBCertFile\fR (string)
+ SSL Certificate file of the private server key.

debian/patches/series

@@ -20,6 +20,7 @@
 0019-S2S-TLS-Fix-make-check-in-separate-build-directory.patch
 0020-METADATA-Fix-unsetting-cloakhost.patch
 0001-S2S-SSL-GnuTLS-Enable-CRL-verification_26.1.patch
+1713563399.rel-27-rc1-6-g3e3f6cbe.clarify-that-cafile-is-not-set-by-default.patch
 
 # patches that should go upstream
 fix-race-in-testsuite.patch