X-Git-Url: https://ruderich.org/simon/gitweb/?p=nsscash%2Fnsscash.git;a=blobdiff_plain;f=README;h=b5a60ab6bb068f9bb1036ea40b3d56f73730c88a;hp=ee1088a4391d6f358ba4664e19bd546fa86b9932;hb=526f6f1db39bde8ca1f7684225a3983634bddafe;hpb=8e30fc811afc50bfdb00e366cb1ac00e186b0511

diff --git a/README b/README
index ee1088a..b5a60ab 100644
--- a/README
+++ b/README
@@ -28,8 +28,8 @@ Nsscash is very careful when deploying the changes:
   when all operations were successful.
 - To prevent unexpected permissions, `nsscash` does not create new files. The
   user must create them first and `nsscash` will then re-use the permissions
-  (without the write bits) and owner/group when updating the file (see
-  examples below).
+  (without the write bits to discourage manual modifications) and owner/group
+  when updating the file (see examples below).
 - To prevent misconfigurations, empty files (no users/groups) are not
   permitted and will not be written to disk. This is designed to prevent the
   accidental loss of all users/groups on a system.
@@ -56,8 +56,8 @@ nsscash is licensed under AGPL version 3 or later.
 - C compiler, for `libnss_cash.so.2`
 
 Tested on Debian Stretch and Buster, but should work on any GNU/Linux system.
-With adapations to the NSS module it should work on any UNIX-like system which
-uses NSS.
+With adaptations to the NSS module it should work on any UNIX-like system
+which uses NSS.
 
 
 == USAGE
@@ -147,6 +147,10 @@ keys are available:
 
 - `url`: URL to fetch the file from; HTTP and HTTPS are supported
 
+- `ca`: Path to a custom CA in PEM format. Restricts HTTPS requests to accept
+  only certificates signed by this CA. Defaults to the system's certificate
+  store when omitted.
+
 - `path`: Path to store the retrieved file