Document that ftp-proxy breaks explicit RFC4217 FTP TLS. While here,

chroot and privdrop is a feature, not a bug, so move it out of CAVEATS.
ok sthen

1 files changed, 7 insertions, 3 deletions

diff --git a/usr.sbin/ftp-proxy/ftp-proxy.8 b/usr.sbin/ftp-proxy/ftp-proxy.8
index e4a0aad493e..396d3bf2b3e 100644
--- a/usr.sbin/ftp-proxy/ftp-proxy.8
+++ b/usr.sbin/ftp-proxy/ftp-proxy.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ftp-proxy.8,v 1.19 2012/06/25 11:49:19 jmc Exp $
+.\"	$OpenBSD: ftp-proxy.8,v 1.20 2015/01/09 11:19:12 stsp Exp $
 .\"
 .\" Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: June 25 2012 $
+.Dd $Mdocdate: January 9 2015 $
 .Dt FTP-PROXY 8
 .Os
 .Sh NAME
@@ -81,6 +81,9 @@ pass in from $client to $orig_server port $proxy_port \e
 pass out from $client to $server port $port nat-to $proxy
 .Ed
 .Pp
+.Nm
+chroots to "/var/empty" and changes to user "proxy" to drop privileges.
+.Pp
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl 6
@@ -193,5 +196,6 @@ The negotiated IP address for active modes is ignored for security
 reasons.
 This makes third party file transfers impossible.
 .Pp
+Since
 .Nm
-chroots to "/var/empty" and changes to user "proxy" to drop privileges.
+acts as a man-in-the-middle it breaks explicit FTP TLS connections (RFC 4217).