From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Fri, 20 Apr 2018 13:45:59 +0000 (+0000)
Subject: explain how to read the certificate.
X-Git-Tag: release-1.7.1rc1~25
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0b21483b178120a3a0166e2e7970cb22cb2c421a;p=thirdparty%2Funbound.git

explain how to read the certificate.


git-svn-id: file:///svn/unbound/trunk@4639 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index 9b3625652..d6b4cef27 100644
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -1473,6 +1473,10 @@ To use a nondefault port for DNS communication append '@' with the port number.
 If tls is enabled, then you can append a '#' and a name, then it'll check
 the tls authentication certificates with that name.  If you combine
 the '@' and '#', the '@' comes first.
+.IP
+At high verbosity it logs the TLS certificate, with TLS enabled.
+If you leave out the '#' and auth name from the forward\-addr, any
+name is accepted.  The cert must also match a CA from the tls\-cert\-bundle.
 .TP
 .B forward\-first: \fI<yes or no>
 If enabled, a query is attempted without the forward clause if it fails.