From: Sören Tempel <soeren@soeren-tempel.net>
Subject: Re: [PATCH] relayd client certificate validation again
To: Theo Buehler <tb@theobuehler.org>
Cc: tech@openbsd.org, markus.l2ll@gmail.com, rivo@elnit.ee, brian@planetunix.net
Date: Mon, 21 Oct 2024 14:03:17 +0200

Hi Theo,

Thanks for taking the time to take another look at the patch!

> > diff --git usr.sbin/relayd/relayd.conf.5 usr.sbin/relayd/relayd.conf.5
> > index 50c73cbec15..771d3632398 100644
> > --- usr.sbin/relayd/relayd.conf.5
> > +++ usr.sbin/relayd/relayd.conf.5
> > @@ -954,6 +954,10 @@ will be used (strong crypto cipher suites without anonymous DH).
> >  See the CIPHERS section of
> >  .Xr openssl 1
> >  for information about TLS cipher suites and preference lists.
> > +.It Ic client ca Ar path
> > +Require TLS client certificates whose authenticity can be verified
> > +against the CA certificate(s) in the specified file in order to
> > +proceed beyond the TLS handshake.
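
Review bot: The added "client ca" entry does not say which file format is expected for the CA file, nor that the requirement applies to connections on which relayd acts as the TLS server (the client-facing side of the relay). A short clause covering both would make the entry self-contained, and "certificate(s)" could simply read "certificates".
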
> 
> Maybe this could be simplified to
> 
> 	Require TLS client certificates that can be verified against the CA
> 	certificates in the specified file.
> 
> Other than that the diff looks good to me and I think it should go in

Good catch, this seems better worded to me too.

Feel free to change it accordingly!

Sincerely
Sören