explain how to read the certificate.

author Wouter Wijngaards <wouter@nlnetlabs.nl>

Fri, 20 Apr 2018 13:45:59 +0000 (13:45 +0000)

committer Wouter Wijngaards <wouter@nlnetlabs.nl>

Fri, 20 Apr 2018 13:45:59 +0000 (13:45 +0000)
author Wouter Wijngaards <wouter@nlnetlabs.nl>
Fri, 20 Apr 2018 13:45:59 +0000 (13:45 +0000)
committer Wouter Wijngaards <wouter@nlnetlabs.nl>
Fri, 20 Apr 2018 13:45:59 +0000 (13:45 +0000)
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in

index 9b3625652457f11e980fea646adf6e6a33eef250..d6b4cef2753c79a83e6d9b29de2a50a500b2ef78 100644 (file)
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -1473,6 +1473,10 @@ To use a nondefault port for DNS communication append '@' with the port number.
  If tls is enabled, then you can append a '#' and a name, then it'll check
  the tls authentication certificates with that name.  If you combine
  the '@' and '#', the '@' comes first.
+.IP
+At high verbosity it logs the TLS certificate, with TLS enabled.
+If you leave out the '#' and auth name from the forward\-addr, any
+name is accepted.  The cert must also match a CA from the tls\-cert\-bundle.
  .TP
  .B forward\-first: \fI<yes or no>
  If enabled, a query is attempted without the forward clause if it fails.
author	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Fri, 20 Apr 2018 13:45:59 +0000 (13:45 +0000)
committer	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Fri, 20 Apr 2018 13:45:59 +0000 (13:45 +0000)