From ebd03383f856bfaa72b1700a96561396e6f8f6cc Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Mon, 19 Feb 2024 18:46:05 +0000 Subject: Allow using multiple SSL fingerprint algorithms. Closes #1804. --- docs/conf/modules.conf.example | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'docs') diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index 6e7dafd76..7c19f620d 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -2464,7 +2464,9 @@ # gateway users (requires the gateway module). This # # should be the same algorithm you specified in the # # field of the TLS profile used for # -# user connections. # +# user connections. You can prefix the algorithm name # +# with spki- to use a Subject Public Key Info (SPKI) # +# fingerprint instead of a certificate fingerprint. # # # # localsecure - Whether to treat locally-connected plaintext users # # as if they are connected with TLS. Defaults to yes. # @@ -2472,10 +2474,6 @@ # operonly - Whether TLS client certificate info is only visible # # by server operators. Defaults to no. # # # -# spkifp - Whether to use a Subject Public Key Info (SPKI) # -# fingerprint instead of a certificate fingerprint # -# for user TLS client fingerprints. Defaults to no. # -# # # warnexpiring - If specified then the maximum period of validity # # that can be left on a user's TLS client certificate # # before users are warned about the imminent expiry. # @@ -2489,7 +2487,6 @@ # -- cgit v1.3.1-10-gc9f91