server/keymgmt.c: Fix warning message to match documentation.

[tripe] / server / tripe-admin.5.in

diff --git a/server/tripe-admin.5.in b/server/tripe-admin.5.in
index 0ab6711bdedc71862e80f58a2e4f11ea3ec70356..3f13de4a8840cc4370173a6423d43d38c1da32b7 100644 (file)
--- a/server/tripe-admin.5.in
+++ b/server/tripe-admin.5.in
@@ -364,6 +364,19 @@ address and emit an
 .B NEWADDR
 notification.
 .TP
+.BI "\-priv " tag
+Use the private key
+.I tag
+to authenticate to the peer.  The default is to use the key named in the
+.RB ` \-t '
+command-line option, or a key with type
+.B tripe
+or
+.BR tripe-dh :
+see
+.BR tripe (8)
+for the details.
+.TP
 .BI "\-tunnel " tunnel
 Use the named tunnel driver, rather than the default.
 .\"-opts
@@ -375,10 +388,15 @@ Emits an
 line reporting the IP address and port number stored for
 .IR peer .
 .SP
-.B "ALGS"
+.BI "ALGS \fR[" peer \fR]
 Emits information about the cryptographic algorithms in use, in
-key-value form.  The keys are as follows.
+key-value form.  If a
+.I peer
+is given, then describe the algorithms used in the association with that
+peer; otherwise describe the default algorithms.
 .RS
+.PP
+The keys are as follows.
 .TP
 .B kx-group
 Type of key-exchange group in use, currently either
@@ -541,10 +559,22 @@ The keepalive interval, in seconds, or zero if no keepalives are to be
 sent.
 .TP
 .B key
-The key tag being used for the peer, as passed to the
+The (short) key tag being used for the peer, as passed to the
 .B ADD
-command.  (You don't get a full key-id, since that might change while
-the daemon's running.)
+command.
+.TP
+.B current-key
+The full key tag of the peer's public key currently being used.  This
+may change during the life of the association.
+.TP
+.B private-key
+The private key tag being used for the peer, as passed to the
+.B ADD
+command.
+.TP
+.B current-private-key
+The full key tag of the private key currently being used for this
+association.  This may change during the life of the association.
 .RE
 .SP
 .BI "PING \fR[" options "\fR] " peer
@@ -1306,6 +1336,12 @@ is one of the tokens
 or
 .BR switch-ok .
 .SP
+.BI "KX " peer " algorithms-mismatch local-private-key " privtag " peer-public-key " pubtag
+The algorithms specified in the peer's public key
+.I pubtag
+don't match the ones described in the private key
+.IR privtag .
+.SP
 .BI "KX " peer " bad-expected-reply-log"
 The challenges
 .B tripe
@@ -1329,9 +1365,11 @@ A message didn't contain the right magic data.  This may be a replay of
 some old exchange, or random packets being sent in an attempt to waste
 CPU.
 .SP
-.BI "KX " peer " public-key-expired"
-The peer's public key has expired.  It's maintainer should have given
-you a replacement before now.
+.BI "KX " peer " " which "-key-expired"
+The local private key or the peer's public key (distinguished by
+.IR which )
+has expired.  Either you or the peer's maintainer should have arranged
+for a replacement before now.
 .SP
 .BI "KX " peer " sending-cookie"
 We've received too many bogus pre-challenge messages.  Someone is trying