From ce95a3cb27a9e0fe669a81e778bf8166dba47e43 Mon Sep 17 00:00:00 2001 From: michael Date: Sat, 15 Jun 2013 19:17:25 +0000 Subject: - Implement CERTFP git-svn-id: svn://svn.ircd-hybrid.org/svnroot/ircd-hybrid/branches/8.1.x@2237 82007160-df01-0410-b94d-b575c5fd34c7 --- doc/Makefile.in | 2 +- doc/reference.conf | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/Makefile.in b/doc/Makefile.in index 0a52aaf..c3d88c6 100644 --- a/doc/Makefile.in +++ b/doc/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. diff --git a/doc/reference.conf b/doc/reference.conf index 9d12229..4cb5fe2 100644 --- a/doc/reference.conf +++ b/doc/reference.conf @@ -457,6 +457,18 @@ operator { */ # rsa_public_key_file = "/usr/local/ircd/etc/oper.pub"; + /* + * fingerprint: enhances security by additionally checking the oper's + * client certificate fingerprint against the specified fingerprint + * below. + * + * Hint: your users can use the following command to obtain a SHA-256 hash + * of their ssl certificate: + * + * openssl x509 -sha256 -noout -fingerprint -in cert.pem | sed -e 's/^.*=//;s/://g' + */ +# fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D"; + /* class: the class the oper joins when they successfully /oper */ class = "opers"; @@ -599,6 +611,13 @@ connect { */ # ssl_cipher_list = "DHE-RSA-AES256-SHA:AES256-SHA"; + /* + * fingerprint: enhances security by additionally checking the server's + * client certificate fingerprint against the specified fingerprint + * below. + */ +# fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D"; + /* * autoconn - controls whether we autoconnect to this server or not, * dependent on class limits. By default, this is disabled. -- cgit