From: Fredrik Tolf Date: Tue, 19 Oct 2010 06:38:24 +0000 (+0200) Subject: sni: Documented SNI operation. X-Git-Tag: 0.3~1^2 X-Git-Url: http://www.dolda2000.com/gitweb/?p=ashd.git;a=commitdiff_plain;h=4094af224622c42d12692107d6762cc3d88a0b8d sni: Documented SNI operation.
---
diff --git a/src/ssl-gnutls.c b/src/ssl-gnutls.c
index e27d314..3eca0bb 100644
--- a/src/ssl-gnutls.c
+++ b/src/ssl-gnutls.c
@@ -398,11 +398,24 @@ void handlegnussl(int argc, char **argp, char **argv)
 printf("\tcrl=CRL-FILE [no default]\n");
 printf("\t\tThe name of a file to read revocation lists from.\n");
 printf("\t\tMay be given multiple times.\n");
+ printf("\tncert=CERT-FILE [no default]\n");
+ printf("\t\tThe name of a file to read a named certificate from,\n");
+ printf("\t\tfor use with SNI-enabled clients.\n");
+ printf("\t\tMay be given multiple times.\n");
+ printf("\tncertdir=DIR [no default]\n");
+ printf("\t\tRead all *.crt files in the given directory as if they\n");
+ printf("\t\twere given with `ncert' options.\n");
+ printf("\t\tMay be given multiple times.\n");
 printf("\tport=PORT [443]\n");
 printf("\t\tThe TCP port to listen on.\n");
 printf("\n");
 printf("\tAll X.509 data files must be PEM-encoded.\n");
- printf("\tSee the manpage for information on specifying multiple\n\tcertificates to support SNI operation.\n");
+ printf("\tIf any certificates were given with `ncert' options, they will be\n");
+ printf("\tused if a client explicitly names one of them with a\n");
+ printf("\tserver-name indication. If a client indicates no server name,\n");
+ printf("\tor if a server-name indication does not match any given\n");
+ printf("\tcertificate, the certificate given with the `cert' option will\n");
+ printf("\tbe used instead.\n");
 exit(0);
 } else if(!strcmp(argp[i], "cert")) {
 crtfile = argv[i];
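Review bot: The new `ncert`/`ncertdir` help text does not say where the private key for a named certificate is read from, nor which field of the certificate is compared with the client's server-name indication. Because the commit also removes the pointer to the manpage, `--help` is now the only guidance visible here. I would add one line under `ncert` stating the key location and the matching rule as the loader actually implements them; the loader is outside this hunk, so the exact wording has to come from that code. Since `ncertdir` loads every `*.crt` file it finds, a caveat such as `printf("\t\tThe directory should be writable only by trusted users.\n");` would also help operators. The body of `handlegnussl` starts and ends outside the hunk.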