X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=README;h=c88806b1f2f82724fc0aaaaf77d85ae5d5fc5613;hb=a964f7f572ec43c2d2f143bdb4a467f1ea5dbc36;hp=444bec794b59e0573ac4b69f8bc13cc26c665aa5;hpb=17eaccf9d2388fa7e0131ad83868666119b6f2c9;p=tlsproxy%2Ftlsproxy.git diff --git a/README b/README index 444bec7..c88806b 100644 --- a/README +++ b/README @@ -12,7 +12,7 @@ REQUIREMENTS ------------ - GnuTLS library including development headers -- certtool (from by GnuTLS) to create TLS certificates +- certtool (from GnuTLS) to create TLS certificates USAGE @@ -84,3 +84,15 @@ link on a different site) then the proxy just forwards the TLS connection (because it doesn't know the fingerprint for https://www.example.org/, that's how '-u' works) and you won't be aware that a different server certificate might be used! + +If you always verify the authentication of the connection this isn't a +problem, but if you only check if it's a HTTPS connection then this attack is +possible. + + +KNOWN ISSUES +------------ + +- Firefox (at least Iceweasel 3.5.16 on Debian) fails to load the error page + sent with the "invalid" certificate once the certificate has been accepted. + As the user shouldn't accept the invalid certificate this is a minor issue.
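Review bot: In the second hunk, the added sentence "If you always verify the authentication of the connection this isn't a problem" does not say what the reader actually has to check, so it gives no usable guidance on avoiding the attack. The preceding context explains that with '-u' the proxy just forwards the TLS connection when it doesn't know the fingerprint, so the README should spell out how a user can tell a forwarded connection from one the proxy validated, rather than only contrasting it with "only check if it's a HTTPS connection". Minor wording in the same sentence: "a HTTPS connection" should be "an HTTPS connection". In the KNOWN ISSUES entry, it would help to say what the browser shows instead of the error page, so users can recognise the situation.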