diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-02-24 12:18:31 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-02-24 12:18:31 +0100 |
| commit | d52eacc4513d8abe8d6a554fc52e4240b1802d48 (patch) | |
| tree | 457db9667516afce37f0614281b0a610519085fa /libdane/dane.c | |
| parent | 6e96756cef4c3e2a720c8981f6b2efb8252a1226 (diff) | |
| download | gnutls-d52eacc4513d8abe8d6a554fc52e4240b1802d48.tar.gz | |
doc update
Diffstat (limited to 'libdane/dane.c')
| -rw-r--r-- | libdane/dane.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/libdane/dane.c b/libdane/dane.c index 2d68cdd4a7..b6a950f6cb 100644 --- a/libdane/dane.c +++ b/libdane/dane.c @@ -502,6 +502,9 @@ cleanup: * If no information via DANE can be obtained the flag %DANE_VERIFY_NO_DANE_INFO * is set. If a DNSSEC signature is not available for the DANE * record then the verify flag %DANE_VERIFY_NO_DNSSEC_DATA is set. + * + * Note that the CA constraint only applies for the directly certifying CA + * and does not account for long CA chains. * * Due to the many possible options of DANE, there is no single threat * model countered. When notifying the user about DANE verification results |