From 8cb6ec4cee79d41c30d7df38b58ab1f198ac8581 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 21 May 2008 11:45:40 +0200
Subject: added some forgotten doc

---
 doc/imtcp.html   |  2 +-
 doc/ns_gtls.html | 37 ++++++++++++++++++++++++++-----------
 2 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/doc/imtcp.html b/doc/imtcp.html
index 86c50dba..12f8020d 100644
--- a/doc/imtcp.html
+++ b/doc/imtcp.html
@@ -20,7 +20,7 @@ $InputTCPServerRun multiple times. This is not currently supported.
 <ul>
 <li>$InputTCPServerRun &lt;port&gt;<br>
 Starts a TCP server on selected port</li>
-<li>$InputTCPMaxSessions &lt;number&gt;<br>
+<li><ul><li>$InputTCPMaxSessions &lt;number&gt;</li></ul>
 Sets the maximum number of sessions supported</li><li>$InputTCPServerStreamDriverMode &lt;number&gt;<br>
 Sets the driver mode for the currently selected <a href="netstream.html">network stream driver</a>. &lt;number&gt; is driver specifc.</li><li>$InputTCPServerStreamDriverAuthMode &lt;mode-string&gt;<br>
 Sets the authentication mode for the currently selected <a href="netstream.html">network stream driver</a>. &lt;mode-string&gt; is driver specifc.</li><li>$InputTCPServerStreamDriverPermittedPeer &lt;id-string&gt;<br>
diff --git a/doc/ns_gtls.html b/doc/ns_gtls.html
index ff5ed7c3..46e2e238 100644
--- a/doc/ns_gtls.html
+++ b/doc/ns_gtls.html
@@ -11,21 +11,36 @@ library</a>.</p>
 <ul>
 <li>0 - unencrypted trasmission (just like <a href="ns_ptcp.html">ptcp</a> driver)</li>
 <li>1 - TLS-protected operation</li>
-</ul>Note: mode 0 does not provide any benefit over the ptcp driver.
-This mode exists for technical reasons, but should not be used. It may
-be removed in the future.<br><span style="font-weight: bold;">
-Supported Authentication Modes</span><br>
+</ul>
+Note: mode 0 does not provide any benefit over the ptcp driver. This
+mode exists for technical reasons, but should not be used. It may be
+removed in the future.<br>
+<span style="font-weight: bold;">Supported Authentication
+Modes</span><br>
 <ul>
-<li><span style="font-weight: bold;">anon</span> - anonymous authentication as
+<li><span style="font-weight: bold;">anon</span>
+- anonymous authentication as
 described in IETF's draft-ietf-syslog-transport-tls-12 Internet draft</li>
-<li><span style="font-weight: bold;">x509/fingerprint</span> - certificate fingerprint authentication as
-described in IETF's draft-ietf-syslog-transport-tls-12 Internet draft</li><li><span style="font-weight: bold;">x509/name</span> - certificate validation and subject name authentication as
-described in IETF's draft-ietf-syslog-transport-tls-12 Internet draft [NOT YET IMPLEMENTED]</li>
-</ul>Note: "anon" does not permit to authenticate the remote peer. As
-such, this mode is vulnerable to man in the middle attacks as well as
+<li><span style="font-weight: bold;">x509/fingerprint</span>
+- certificate fingerprint authentication as
+described in IETF's draft-ietf-syslog-transport-tls-12 Internet draft</li>
+<li><span style="font-weight: bold;">x509/name</span>
+- certificate validation and subject name authentication as
+described in IETF's draft-ietf-syslog-transport-tls-12 Internet draft
+[NOT YET IMPLEMENTED]</li>
+</ul>
+Note: "anon" does not permit to authenticate the remote peer. As such,
+this mode is vulnerable to man in the middle attacks as well as
 unauthorized access. It is recommended NOT to use this mode.<br>
-[<a href="rsyslog_conf.html">rsyslog.conf overview</a>]
+<br>
+<b>Known Problems</b><br>
+<p>Even in x509/fingerprint mode, both the client and sever
+certificate currently must be signed by the same root CA. This is an
+artifact of the underlying GnuTLS library and the way we use it. It is
+expected that we can resolve this issue in the future.</p>
+<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>]
 [<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]
+</p>
 <p><font size="2">This documentation is part of the
 <a href="http://www.rsyslog.com/">rsyslog</a>
 project.<br>
-- 
cgit v1.2.3