.......PS. [ZBXNEXT-2753] improved configuration file explananatory text

2 files changed, 38 insertions, 48 deletions

diff --git a/conf/zabbix_proxy.conf b/conf/zabbix_proxy.conf
index 27ff23520a3..22f9ec966ca 100644
--- a/conf/zabbix_proxy.conf
+++ b/conf/zabbix_proxy.conf
@@ -738,52 +738,47 @@ StatsAllowedIP=127.0.0.1
 # TLSPSKFile=
 
 ### Option: DBTLSConnect
-#	Setting this option enforces connecting to database using TLS.
-#	Supported option values:
-#		required	- connect with encryption
-#		verify_ca	- connect with encryption and check the certificate chain up to a trusted certificate
-#				authority (CA)
-#		verify_full	- connect with encryption and also verify that the server host name or IP address
-#				matches its certificate
+#	Setting this option enforces to use TLS connection to database.
+#	required    - connect using TLS
+#	verify_ca   - connect using TLS and verify certificate
+#	verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost
+#	              matches its certificate
 #	On MySQL starting with 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and
 #	"verify_full".
-#	On MariaDB starting from version 10.2.6 "required" and "verify_full" are supported.
-#	By default there are not set any connection options. Behaviour depends on database library compiled in.
+#	On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported.
+#	Default is not to set any option and behavior depends on database configuration
 #
 # Mandatory: no
 # Default:
 # DBTLSConnect=
 
-### Option: DBTLSCertFile
-#	Full pathname of file containing client certificate for
-#	authenticating to database
+### Option: DBTLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for database certificate verification.
 #	Supported only for MySQL and PostgreSQL
 #
 # Mandatory: no
+#	(yes, if DBTLSConnect set to one of: verify_ca, verify_full)
 # Default:
-# DBTLSCertFile=
+# DBTLSCAFile=
 
-### Option: DBTLSKeyFile
-#	Full pathname of file containing the private key for
-#	authenticating to database
+### Option: DBTLSCertFile
+#	Full pathname of file containing Zabbix proxy certificate for authenticating to database.
 #	Supported only for MySQL and PostgreSQL
 #
 # Mandatory: no
 # Default:
-# DBTLSKeyFile=
+# DBTLSCertFile=
 
-### Option: DBTLSCAFile
-#	The path name of the Certificate Authority (CA) certificate file.
-#	MySQL: This option, if used, must specify the same certificate used by the server.
+### Option: DBTLSKeyFile
+#	Full pathname of file containing the private key for authenticating to database.
 #	Supported only for MySQL and PostgreSQL
 #
 # Mandatory: no
-#	(yes, if DBTLSConnect set to one of: verify_ca, verify_full)
 # Default:
-# DBTLSCAFile=
+# DBTLSKeyFile=
 
 ### Option: DBTLSCipher
-#	The list of encryption ciphers the client permits for connections that use TLS protocols up through TLSv1.2
+#	The list of encryption ciphers that Zabbix proxy permits for TLS protocols up through TLSv1.2
 #	Supported only for MySQL
 #
 # Mandatory no
@@ -791,7 +786,7 @@ StatsAllowedIP=127.0.0.1
 # DBTLSCipher=
 
 ### Option: DBTLSCipher13
-#	The list of encryption ciphersuites the client permits for connections that use TLSv1.3
+#	The list of encryption ciphersuites that Zabbix proxy permits for TLSv1.3 protocol
 #	Supported only for MySQL, starting from version 8.0.16
 #
 # Mandatory no
diff --git a/conf/zabbix_server.conf b/conf/zabbix_server.conf
index af07d1bdf1b..165134da56f 100644
--- a/conf/zabbix_server.conf
+++ b/conf/zabbix_server.conf
@@ -722,52 +722,47 @@ StatsAllowedIP=127.0.0.1
 # TLSKeyFile=
 
 ### Option: DBTLSConnect
-#	Setting this option enforces connecting to database using TLS.
-#	Supported option values:
-#		required	- connect with encryption
-#		verify_ca	- connect with encryption and check the certificate chain up to a trusted certificate
-#				authority (CA)
-#		verify_full	- connect with encryption and also verify that the server host name or IP address
-#				matches its certificate
+#	Setting this option enforces to use TLS connection to database.
+#	required    - connect using TLS
+#	verify_ca   - connect using TLS and verify certificate
+#	verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost
+#	              matches its certificate
 #	On MySQL starting with 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and
 #	"verify_full".
-#	On MariaDB starting from version 10.2.6 "required" and "verify_full" are supported.
-#	By default there are not set any connection options. Behaviour depends on database library compiled in.
+#	On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported.
+#	Default is not to set any option and behavior depends on database configuration
 #
 # Mandatory: no
 # Default:
 # DBTLSConnect=
 
-### Option: DBTLSCertFile
-#	Full pathname of file containing client certificate for
-#	authenticating to database
+### Option: DBTLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for database certificate verification.
 #	Supported only for MySQL and PostgreSQL
 #
 # Mandatory: no
+#	(yes, if DBTLSConnect set to one of: verify_ca, verify_full)
 # Default:
-# DBTLSCertFile=
+# DBTLSCAFile=
 
-### Option: DBTLSKeyFile
-#	Full pathname of file containing the private key for
-#	authenticating to database
+### Option: DBTLSCertFile
+#	Full pathname of file containing Zabbix server certificate for authenticating to database.
 #	Supported only for MySQL and PostgreSQL
 #
 # Mandatory: no
 # Default:
-# DBTLSKeyFile=
+# DBTLSCertFile=
 
-### Option: DBTLSCAFile
-#	The path name of the Certificate Authority (CA) certificate file.
-#	MySQL: This option, if used, must specify the same certificate used by the server.
+### Option: DBTLSKeyFile
+#	Full pathname of file containing the private key for authenticating to database.
 #	Supported only for MySQL and PostgreSQL
 #
 # Mandatory: no
-#	(yes, if DBTLSConnect set to one of: verify_ca, verify_full)
 # Default:
-# DBTLSCAFile=
+# DBTLSKeyFile=
 
 ### Option: DBTLSCipher
-#	The list of encryption ciphers the client permits for connections that use TLS protocols up through TLSv1.2
+#	The list of encryption ciphers that Zabbix server permits for TLS protocols up through TLSv1.2
 #	Supported only for MySQL
 #
 # Mandatory no
@@ -775,7 +770,7 @@ StatsAllowedIP=127.0.0.1
 # DBTLSCipher=
 
 ### Option: DBTLSCipher13
-#	The list of encryption ciphersuites the client permits for connections that use TLSv1.3
+#	The list of encryption ciphersuites that Zabbix server permits for TLSv1.3 protocol
 #	Supported only for MySQL, starting from version 8.0.16
 #
 # Mandatory no