reference.conf: Document fingerprint generation

[ci skip]
This commit is contained in:
Aaron Jones 2016-07-16 05:41:49 +00:00
parent 8b0392ca39
commit 6621472435
No known key found for this signature in database
GPG key ID: 6E854C0FAAD4CEA4

View file

@ -1418,7 +1418,12 @@ general {
* The spki_* variants operate on the SubjectPublicKeyInfo of the certificate, which does * The spki_* variants operate on the SubjectPublicKeyInfo of the certificate, which does
* not change unless the private key is changed. This allows the fingerprint to stay * not change unless the private key is changed. This allows the fingerprint to stay
* constant even if the certificate is reissued. These fingerprints will be prefixed with * constant even if the certificate is reissued. These fingerprints will be prefixed with
* "SPKI:SHA2-256:" or "SPKI:SHA2-512:" depending on the hash type. * "SPKI:SHA2-256:" or "SPKI:SHA2-512:" depending on the hash type. These fingerprints
* are not supported on servers running charybdis 3.5 or earlier.
*
* To generate a fingerprint from a certificate file, please use the mkfingerprint utility
* program located in the bin/ subdirectory of your IRCd installation. Running it with no
* arguments will give you a brief usage message; it takes method and filename arguments.
*/ */
certfp_method = spki_sha256; certfp_method = spki_sha256;