author | michael <michael@82007160-df01-0410-b94d-b575c5fd34c7> | 2013-06-15 19:17:25 +0000 |
---|---|---|
committer | michael <michael@82007160-df01-0410-b94d-b575c5fd34c7> | 2013-06-15 19:17:25 +0000 |
commit | ce95a3cb27a9e0fe669a81e778bf8166dba47e43 (patch) | |
tree | a37a9f806797fcd21e616c6e41293d5456ff37e8 /doc | |
parent | 625717a9fb3815adc180680339719b5ce8174916 (diff) |
- Implement CERTFP
git-svn-id: svn://svn.ircd-hybrid.org/svnroot/ircd-hybrid/branches/8.1.x@2237 82007160-df01-0410-b94d-b575c5fd34c7
Diffstat (limited to 'doc')
-rw-r--r-- | doc/Makefile.in | 2 | ||||
-rw-r--r-- | doc/reference.conf | 19 |
2 files changed, 20 insertions, 1 deletions
diff --git a/doc/Makefile.in b/doc/Makefile.in
index 0a52aaf..c3d88c6 100644
--- a/doc/Makefile.in
+++ b/doc/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.13.3 from Makefile.am.
+# Makefile.in generated by automake 1.13.4 from Makefile.am.
 # @configure_input@
 # Copyright (C) 1994-2013 Free Software Foundation, Inc.
diff --git a/doc/reference.conf b/doc/reference.conf
index 9d12229..4cb5fe2 100644
--- a/doc/reference.conf
+++ b/doc/reference.conf
@@ -457,6 +457,18 @@ operator {
 */
 # rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
+ /*
+ * fingerprint: enhances security by additionally checking the oper's
+ * client certificate fingerprint against the specified fingerprint
+ * below.
+ *
+ * Hint: your users can use the following command to obtain a SHA-256 hash
+ * of their ssl certificate:
+ *
+ * openssl x509 -sha256 -noout -fingerprint -in cert.pem | sed -e 's/^.*=//;s/://g'
+ */
+# fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D";
+
 /* class: the class the oper joins when they successfully /oper */
 class = "opers";
@@ -600,6 +612,13 @@ connect {
 # ssl_cipher_list = "DHE-RSA-AES256-SHA:AES256-SHA";
 /*
+ * fingerprint: enhances security by additionally checking the server's
+ * client certificate fingerprint against the specified fingerprint
+ * below.
+ */
+# fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D";
+
+ /*
 * autoconn - controls whether we autoconnect to this server or not,
 * dependent on class limits. By default, this is disabled.
 * ssl - Initiates a TLS/SSL connection. |
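Review bot: The sample value in both added `# fingerprint = "4C62…"` lines (operator and connect blocks) reads like a real SHA-256 digest, so an admin who merely uncomments the line pins the block to whatever certificate that digest belongs to. An obviously fake value such as `# fingerprint = "<SHA-256 fingerprint of the peer certificate, 64 hex digits>";` would be safer in a reference file. The comments also omit two things an operator needs to know: the check presumably only succeeds when the peer connects over SSL and presents a certificate, and reissuing the certificate changes the fingerprint, so the entry has to be updated. In the connect block, "the server's client certificate" is ambiguous and the openssl hint is not repeated; I would add `* This is the SHA-256 fingerprint of the certificate the remote server presents; see operator {} for how to obtain it.`, assuming the same digest applies there, which the hunk does not show. Both the operator {} and connect {} blocks start and end outside their hunks.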