X-Git-Url: https://ruderich.org/simon/gitweb/?p=nsscash%2Fnsscash.git;a=blobdiff_plain;f=README;h=4febddfaff66a3f16f662fe216b82e4ca3c5cd57;hp=f559110f4669b88277f42e4e5002307f8627753c;hb=db3be9251d95b15bb4dc49095b7d5c69258ba3e4;hpb=1416d64c367cb29c3ca459b66ac9ffd57413fb43

diff --git a/README b/README
index f559110..4febddf 100644
--- a/README
+++ b/README
@@ -19,7 +19,8 @@ lookups. To support quick lookups, in O(log n), the files utilize indices.
 
 Nsscash is very careful when deploying the changes:
 - All files are updated using the standard "write to temporary file", "sync",
-  "rename" steps which is atomic on UNIX file systems.
+  "rename" steps which is atomic on UNIX file systems. The indices are stored
+  in the same file preventing stale data during the update.
 - All errors cause an immediate abort ("fail fast") with a proper error
   message and a non-zero exit status. This prevents hiding possibly important
   errors. In addition all files are fetched first and then deployed to try to
@@ -56,8 +57,8 @@ nsscash is licensed under AGPL version 3 or later.
 - C compiler, for `libnss_cash.so.2`
 
 Tested on Debian Stretch and Buster, but should work on any GNU/Linux system.
-With adapations to the NSS module it should work on any UNIX-like system which
-uses NSS.
+With adaptations to the NSS module it should work on any UNIX-like system
+which uses NSS.
 
 
 == USAGE
@@ -147,6 +148,10 @@ keys are available:
 
 - `url`: URL to fetch the file from; HTTP and HTTPS are supported
 
+- `ca`: Path to a custom CA in PEM format. Restricts HTTPS requests to accept
+  only certificates signed by this CA. Defaults to the system's certificate
+  store when omitted.
+
 - `path`: Path to store the retrieved file