From b2e199577daf5d40e3d64ae7bc0eafe02fbf2329 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Fri, 14 Apr 2017 11:36:34 +0300
Subject: [PATCH] doc update

Signed-off-by: Nikos Mavrogiannopoulos
---
 doc/sample.config | 11 +++++++----
 src/ocserv-args.def | 11 +++++++----
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/doc/sample.config b/doc/sample.config
index a155998d..8c1e7014 100644
--- a/doc/sample.config
+++ b/doc/sample.config
@@ -84,12 +84,15 @@ udp-port = 443
 # Accept connections using a socket file. It accepts HTTP
 # connections (i.e., without SSL/TLS unlike its TCP counterpart),
 # and uses it as the primary channel. That option is experimental
-# and it has the following known issues.
-# * can only be combined with certificate authentication, by received
-# information through the proxy protocol channel (see listen-proxy-proto)
-# * It cannot derive any keys needed for the DTLS session (dtls-psk)
+# and it has many known issues.
+# * It can only be combined with certificate authentication, when receiving
+# channel information through proxy protocol (see listen-proxy-proto)
+# * It cannot derive any keys needed for the DTLS session (hence no support for dtls-psk)
 # * It cannot enforce the framing of the SSL/TLS packets, and that
 # breaks assumptions held by several openconnect clients.
+# This option is not recommended for use, and may be removed
+# in the future.
+#
 #listen-clear-file = /var/run/ocserv-conn.socket
 
 # The user the worker processes will be run as. It should be
diff --git a/src/ocserv-args.def b/src/ocserv-args.def
index 8f29406d..f90f318a 100644
--- a/src/ocserv-args.def
+++ b/src/ocserv-args.def
@@ -162,12 +162,15 @@ udp-port = 4443
 # Accept connections using a socket file. It accepts HTTP
 # connections (i.e., without SSL/TLS unlike its TCP counterpart),
 # and uses it as the primary channel. That option is experimental
-# and it has the following known issues.
-# * can only be combined with certificate authentication, by received
-# information through the proxy protocol channel (see listen-proxy-proto)
-# * It cannot derive any keys needed for the DTLS session (dtls-psk)
+# and it has many known issues.
+# * It can only be combined with certificate authentication, when receiving
+# channel information through proxy protocol (see listen-proxy-proto)
+# * It cannot derive any keys needed for the DTLS session (hence no support for dtls-psk)
 # * It cannot enforce the framing of the SSL/TLS packets, and that
 # breaks assumptions held by several openconnect clients.
+# This option is not recommended for use, and may be removed
+# in the future.
+#
 #listen-clear-file = /var/run/ocserv-conn.socket
 
 # The user the worker processes will be run as. It should be