docs: update the comments about loading CA certs with NSS

Bug: https://bugzilla.redhat.com/696783

diff --git a/docs/curl.1 b/docs/curl.1
index c2b6887..1aeeb46 100644 (file)
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -423,11 +423,8 @@ The windows version of curl will automatically look for a CA certs file named
 \'curl-ca-bundle.crt\', either in the same directory as curl.exe, or in the
 Current Working Directory, or in any folder along your PATH.
 
-If curl is built against the NSS SSL library then this option tells
-curl the nickname of the CA certificate to use within the NSS database
-defined by the environment variable SSL_DIR (or by default /etc/pki/nssdb).
-If the NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files
-may be loaded.
+If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module
+(libnsspem.so) needs to be available for this option to work properly.
 
 If this option is used several times, the last one will be used.
 .IP "--capath <CA certificate directory>"

diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
index 9d712a4..3d31aef 100644 (file)
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -2260,8 +2260,8 @@ even indicate an accessible file.
 This option is by default set to the system path where libcurl's cacert bundle
 is assumed to be stored, as established at build time.
 
-When built against NSS, this is the directory that the NSS certificate
-database resides in.
+If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module
+(libnsspem.so) needs to be available for this option to work properly.
 .IP CURLOPT_ISSUERCERT
 Pass a char * to a zero terminated string naming a file holding a CA
 certificate in PEM format. If the option is set, an additional check against