From 17eaccf9d2388fa7e0131ad83868666119b6f2c9 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Tue, 15 Mar 2011 22:31:50 +0100 Subject: [PATCH] README: Add information about -u option. --- README | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/README b/README index ebcb53f..444bec7 100644 --- a/README +++ b/README @@ -56,3 +56,31 @@ also easy to spot in the browser because it uses an invalid hostname If an internal error occurs before the TLS connection can be established a 503 Forwarding failure is sent to the client (unencrypted). + + +-u option +~~~~~~~~~ + +The '-u' option passes through connections for hostnames with no stored +certificate (i.e. `certificate-*-server.pem` is missing or unreadable). In +this case the normal CA chain in your browser lets you validate the server +certificate. If the server certificate changes you're _not_ informed! + +This option is useful if you often visit websites using HTTPS but you don't +use critical information (e.g. no passwords, etc.) on this website. + +For hostnames with a stored server certificate everything works as usual and a +certificate change is detected. + +WARNING: The option might cause security problems if you're not careful: + +For example you normally visit https://example.org/ and store the server +certificate in `certificate-example.org.server.pem`. Without '-u' everything +is fine. + +But if you use '-u' and an attacker redirects you to e.g. +https://www.example.org/ (or https://whatever.org/) (for example through a +link on a different site) then the proxy just forwards the TLS connection +(because it doesn't know the fingerprint for https://www.example.org/, that's +how '-u' works) and you won't be aware that a different server certificate +might be used! -- 2.44.1
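Review bot: the stored-certificate filename is spelled two different ways in this hunk: the first paragraph of the new section says "`certificate-*-server.pem` is missing or unreadable" (hyphen before "server"), while the warning example uses "`certificate-example.org.server.pem`" (dot before "server"). Only one of these can match what the proxy actually looks for, and since the whole point of '-u' is that a missing file silently changes behaviour, a reader who creates the file under the wrong name will get pass-through instead of pinning without noticing; please use the real pattern in both places. Related caveat worth stating in the same paragraph: "missing or unreadable" means a permissions or I/O error on a stored certificate (not just its absence) also downgrades that host to pass-through, so a host the user believes is pinned can lose its certificate-change detection because of a chmod mistake; the README should say whether the proxy logs this fallback, or the code should treat "unreadable" differently from "missing". Minor wording: "e.g. no passwords, etc." is redundant; "e.g. no passwords" is enough.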