docs: fix and explain defaults for tls parameters

These parameters are relative to the private directory if it does not start with a /

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

5 files changed, 16 insertions, 6 deletions

diff --git a/docs-xml/smbdotconf/security/tlscafile.xml b/docs-xml/smbdotconf/security/tlscafile.xml
index ea2a595514..9c94535c48 100644
--- a/docs-xml/smbdotconf/security/tlscafile.xml
+++ b/docs-xml/smbdotconf/security/tlscafile.xml
@@ -7,6 +7,8 @@
 	 <para>This option can be set to a file (PEM format)
 		 containing CA certificates of root CAs to trust to sign
 		 certificates or intermediate CA certificates.</para>
+	 <para>This path is relative to <smbconfoption name="private dir"/> if the path
+	 does not start with a /.</para>
  </description>
 
  <related>tls certfile</related>
@@ -14,5 +16,5 @@
  <related>tls dh params file</related>
  <related>tls enabled</related>
  <related>tls keyfile</related>
- <value type="default"></value>
+ <value type="default">tls/ca.pem</value>
 </samba:parameter>
diff --git a/docs-xml/smbdotconf/security/tlscertfile.xml b/docs-xml/smbdotconf/security/tlscertfile.xml
index 317cb37c31..e951733491 100644
--- a/docs-xml/smbdotconf/security/tlscertfile.xml
+++ b/docs-xml/smbdotconf/security/tlscertfile.xml
@@ -6,12 +6,14 @@
  <description>
 	 <para>This option can be set to a file (PEM format)
 		 containing the RSA certificate. </para>
- </description>
+	 <para>This path is relative to <smbconfoption name="private dir"/> if the path
+	 does not start with a /.</para>
+</description>
 
  <related>tls keyfile</related>
  <related>tls crlfile</related>
  <related>tls dh params file</related>
  <related>tls enabled</related>
  <related>tls cafile</related>
- <value type="default"></value>
+ <value type="default">tls/cert.pem</value>
 </samba:parameter>
diff --git a/docs-xml/smbdotconf/security/tlscrlfile.xml b/docs-xml/smbdotconf/security/tlscrlfile.xml
index 442ff84166..afc30fe494 100644
--- a/docs-xml/smbdotconf/security/tlscrlfile.xml
+++ b/docs-xml/smbdotconf/security/tlscrlfile.xml
@@ -6,7 +6,9 @@
  <description>
 	 <para>This option can be set to a file containing a certificate
 		 revocation list (CRL).</para>
- </description>
+	 <para>This path is relative to <smbconfoption name="private dir"/> if the path
+	 does not start with a /.</para>
+</description>
 
  <related>tls certfile</related>
  <related>tls crlfile</related>
diff --git a/docs-xml/smbdotconf/security/tlsdhparamsfile.xml b/docs-xml/smbdotconf/security/tlsdhparamsfile.xml
index ba809c72f8..eee749b14b 100644
--- a/docs-xml/smbdotconf/security/tlsdhparamsfile.xml
+++ b/docs-xml/smbdotconf/security/tlsdhparamsfile.xml
@@ -7,7 +7,9 @@
 	 <para>This option can be set to a file with Diffie-Hellman parameters
 		 which will be used with EDH ciphers.
 	 </para>
- </description>
+	 <para>This path is relative to <smbconfoption name="private dir"/> if the path
+	 does not start with a /.</para>
+</description>
 
  <related>tls certfile</related>
  <related>tls crlfile</related>
diff --git a/docs-xml/smbdotconf/security/tlskeyfile.xml b/docs-xml/smbdotconf/security/tlskeyfile.xml
index a37a9381ee..e2724a6885 100644
--- a/docs-xml/smbdotconf/security/tlskeyfile.xml
+++ b/docs-xml/smbdotconf/security/tlskeyfile.xml
@@ -7,6 +7,8 @@
 	 <para>This option can be set to a file (PEM format)
 		 containing the RSA private key. This file must be accessible without
 		 a pass-phrase, i.e. it must not be encrypted.</para>
+	 <para>This path is relative to <smbconfoption name="private dir"/> if the path
+	 does not start with a /.</para>
  </description>
 
  <related>tls certfile</related>
@@ -14,5 +16,5 @@
  <related>tls dh params file</related>
  <related>tls enabled</related>
  <related>tls cafile</related>
- <value type="default"></value>
+ <value type="default">tls/key.pem</value>
 </samba:parameter>