------------
- GnuTLS library including development headers
-- certtool (from by GnuTLS) to create TLS certificates
+- certtool (from GnuTLS) to create TLS certificates
USAGE
(because it doesn't know the fingerprint for https://www.example.org/, that's
how '-u' works) and you won't be aware that a different server certificate
might be used!
+
+If you always verify the authentication of the connection this isn't a
+problem, but if you only check if it's a HTTPS connection then this attack is
+possible.
+
+
+KNOWN ISSUES
+------------
+
+- Firefox (at least Iceweasel 3.5.16 on Debian) fails to load the error page
+ sent with the "invalid" certificate once the certificate has been accepted.
+ As the user shouldn't accept the invalid certificate this is a minor issue.