From 37dcb74898f4ff7e211088cf831996ea5e2471f1 Mon Sep 17 00:00:00 2001
From: Alexander Barton <alex@barton.de>
Date: Thu, 11 Jan 2024 14:24:22 +0100
Subject: [PATCH 18/20] S2S-TLS: Add notice to INSTALL

(cherry picked from commit 6b27eabf5bdbc6bf6f71d7b1e7d059dfeab6849b)
---
 INSTALL | 11 +++++++++++
 1 file changed, 11 insertions(+)

--- a/INSTALL
+++ b/INSTALL
@@ -12,6 +12,17 @@
 I. Upgrade Information
 ~~~~~~~~~~~~~~~~~~~~~~
 
+- **Attention**:
+  Starting with release 27, ngIRCd validates SSL/TLS certificates on outgoing
+  server-server links by default and drops(!) connections when the remote
+  certificate is invalid (for example self-signed, expired, not matching the
+  host name, ...). Therefore you have to make sure that all relevant
+  *certificates are valid* (or to disable certificate validation on this
+  connection using the new `SSLVerify = false` setting in the affected
+  `[Server]` block, where the remote certificate is not valid and you can not
+  fix this issue).
+  And this change was backported to this ngIRCd release!
+
 Differences to version 22.x
 
 - The "NoticeAuth" ngircd.conf configuration variable has been renamed to