# HG changeset patch # User tmolitor # Date 1486931048 -3600 # Node ID 5ca2470a77552d21c1a4690a3d1509beeb5c3481 # Parent d300ae5dba877a472a624887231eeb4aad909378# Parent a6486881fe4259eff6fbd49ce15b2f93b16209c6 merged upstream changes diff -r d300ae5dba87 -r 5ca2470a7755 mod_s2s_auth_dane/README.markdown --- a/mod_s2s_auth_dane/README.markdown Sun Feb 12 21:23:22 2017 +0100 +++ b/mod_s2s_auth_dane/README.markdown Sun Feb 12 21:24:08 2017 +0100 @@ -63,12 +63,10 @@ xmpp.example.com. IN A 192.0.2.68 xmpp.example.com. IN AAAA 2001:0db8:0000:0000:4441:4e45:544c:5341 - ; The DANE TLSA records. These three are equivalent, you would use only one of them. - ; First, using symbolic names: - _5269._tcp.xmpp.example.com. 300 IN TLSA DANE-EE Cert SHA2-256 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 - ; Using numbers: + ; The DANE TLSA records. _5269._tcp.xmpp.example.com. 300 IN TLSA 3 0 1 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 - ; Raw binary format, should work even with very old DNS tools: + + ; If your zone file tooling does not support TLSA records, you can try the raw binary format: _5269._tcp.xmpp.example.com. 300 IN TYPE52 \# 35 030001E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 [List of DNSSEC and DANE @@ -83,3 +81,12 @@ ============= Requires 0.9 or above. + +Known issues +============ + +- A race condition between the DANE lookup and completion of the TLS + handshake may cause a crash. This does not happen in **trunk** + thanks to better async support. + +
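Review bot: In the zone-file hunk (@@ -63,12 +63,10), removing the symbolic-name record also removes the only place the README showed what the fields in `3 0 1` stand for, and the deleted sentence "These three are equivalent, you would use only one of them" was the only statement that the remaining lines are alternatives. Suggest keeping a short comment such as `; 3 0 1 = DANE-EE, Cert, SHA2-256` above the TLSA line, and wording the TYPE52 comment so it is explicit that this record is published instead of the TLSA line, not alongside it. The comment `; The DANE TLSA records.` is also still plural although only one TLSA record remains.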
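Review bot: In the Known issues hunk (@@ -83,3 +81,12), the new entry says the race does not happen in **trunk** but never says which releases are affected, while the section directly above still reads `Requires 0.9 or above`. An operator reading this cannot tell whether their version is exposed or how far the crash reaches. Suggest naming the affected versions explicitly (a reference to "trunk" goes stale once it is released) and saying whether a workaround exists. The hunk also adds two blank lines at the end of the file, which can be dropped.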