README: Improve -u description.

author Simon Ruderich <simon@ruderich.org>

Wed, 16 Mar 2011 13:25:45 +0000 (14:25 +0100)

committer Simon Ruderich <simon@ruderich.org>

Wed, 16 Mar 2011 13:25:45 +0000 (14:25 +0100)
author Simon Ruderich <simon@ruderich.org>
Wed, 16 Mar 2011 13:25:45 +0000 (14:25 +0100)
committer Simon Ruderich <simon@ruderich.org>
Wed, 16 Mar 2011 13:25:45 +0000 (14:25 +0100)
diff --git a/README b/README

index 444bec794b59e0573ac4b69f8bc13cc26c665aa5..0178e5c8f97a7caff3f3041cb50e4751ac10bc52 100644 (file)
--- a/README
+++ b/README
@@ -84,3 +84,7 @@ link on a different site) then the proxy just forwards the TLS connection
  (because it doesn't know the fingerprint for https://www.example.org/, that's
  how '-u' works) and you won't be aware that a different server certificate
  might be used!
+
+If you always verify the authentication of the connection this isn't a
+problem, but if you only check if it's a HTTPS connection then this attack is
+possible.
author	Simon Ruderich <simon@ruderich.org>
	Wed, 16 Mar 2011 13:25:45 +0000 (14:25 +0100)
committer	Simon Ruderich <simon@ruderich.org>
	Wed, 16 Mar 2011 13:25:45 +0000 (14:25 +0100)