Both DANE and PKI verification are advisory when --tofu is being used.

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2014-04-18 11:02:38 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2014-04-18 11:02:38 +0200
commit: f4115be3a4eeb58477ce89d66fef88b9b1b8cf63 (patch)
tree: 800d905dde45b0c0375f3137a33d43e4af106446 /src/cli-args.def
parent: 14872b9fb566b54f36adee00a38efdeaed489173 (diff)
download: gnutls-f4115be3a4eeb58477ce89d66fef88b9b1b8cf63.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/src/cli-args.def b/src/cli-args.def
index 1b3354491d..ddca613e22 100644
--- a/src/cli-args.def
+++ b/src/cli-args.def
@@ -17,7 +17,10 @@ flag = {
     descrip   = "Enable trust on first use authentication";
     disabled;
     disable   = "no";
-    doc       = "This option will, in addition to certificate authentication, perform authentication based on previously seen public keys, a model similar to SSH authentication. Note that tofu will take precedence over certificate (PKI) authentication.";
+    doc       = "This option will, in addition to certificate authentication, perform authentication
+based on previously seen public keys, a model similar to SSH authentication. Note that when tofu 
+is specified (PKI) and DANE authentication will become advisory to assist the public key acceptance
+process.";
 };
 
 flag = {
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2014-04-18 11:02:38 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2014-04-18 11:02:38 +0200
commit	f4115be3a4eeb58477ce89d66fef88b9b1b8cf63 (patch)
tree	800d905dde45b0c0375f3137a33d43e4af106446 /src/cli-args.def
parent	14872b9fb566b54f36adee00a38efdeaed489173 (diff)
download	gnutls-f4115be3a4eeb58477ce89d66fef88b9b1b8cf63.tar.gz