From 262263dbf4f21a9b96c1094d6462e2830e6ebf35 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Sat, 15 Aug 2015 15:11:29 +0100
Subject: [PATCH] More detail in documentation

---
 INSTALL         | 7 ++++---
 README.md       | 2 +-
 spec/index.html | 4 +++-
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/INSTALL b/INSTALL
index ca68375d..fd917338 100644
--- a/INSTALL
+++ b/INSTALL
@@ -254,10 +254,11 @@ not `/usr/local'.  It is recommended to use the following options:
 
      ./configure --prefix=/boot/common
 
-   On Mac OSX getdns will not build against the version of OpenSSL shipped with 
+   On Mac OSX getdns will not build against the version of OpenSSL shipped with
 OSX. If you link against a self-complied version of OpenSSL then manual 
-configuration of certificates is required for TLS authentication to work, 
-however if linking against the version of OpenSSL installed via Homebrew TLS 
+configuration of certificates into the default OpenSSL directory 
+/usr/local/etc/openssl/certs is currently required for TLS authentication to work.
+However if linking against the version of OpenSSL installed via Homebrew TLS 
 authentication will work out of the box.
 
 Specifying the System Type
diff --git a/README.md b/README.md
index ecae05fd..d8a000a4 100644
--- a/README.md
+++ b/README.md
@@ -214,7 +214,7 @@ build the packages, this is simplythe one we chose to use.
     create dmg
 
     A self-compiled version of OpenSSL or the version installed via Homebrew is required.
-    Note: If using a self-compiled version manual configuration of certificates is required for TLS authentication to wokr
+    Note: If using a self-compiled version manual configuration of certificates into /usr/local/etc/openssl/certs is required for TLS authentication to work.
 
 #### Homebrew
 
diff --git a/spec/index.html b/spec/index.html
index af5ad542..05375e7e 100644
--- a/spec/index.html
+++ b/spec/index.html
@@ -2209,7 +2209,9 @@ getdns_context_set_dns_transport_list(
 <p class=cont>The <code>transports</code> array contains an ordered list of transports that will be used for DNS lookups.
 If only one transport value is specified it will be the only transport used.
 Should it not be available basic resolution will fail.
-Fallback transport options are specified by including multiple values in the list.
+Fallback transport options are specified by including multiple values in the list. Currently the TLS and STARTTLS options
+perform Strict TLS which requires a hostname to be 
+specified so that authentication can be performed. This hostname can be specified in the tls_auth_name parameter for an upstream.
 The values are <span class=default>
 <code>GETDNS_TRANSPORT_UDP</code></span>,
 <code>GETDNS_TRANSPORT_TCP</code>,