From ff15c2c016c796b2001ddd6940f89ef3cf50dfa1 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Sun, 25 Jun 2023 00:27:27 +0100 Subject: [PATCH] Document the sslinfo config better. --- docs/conf/modules.conf.example | 37 +++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 10 deletions(-) diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index d6812616c..c631be942 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -2421,17 +2421,34 @@ # # # -# If you want to prevent users from viewing TLS certificate information -# and fingerprints of other users, set operonly to yes. You can also set hash -# to an IANA Hash Function Textual Name to use the SSL fingerprint sent by a -# WebIRC gateway (requires the cgiirc module), localsecure to allow locally -# connected connections where TLS is not necessary to be considered secure, -# spkifp to use a SPKI key fingerprint instead of a client certificate -# fingerprint and warnexpiring to warn users when their client certificate is -# about to expire. -# field of the TLS profile used for # +# user connections. # +# # +# localsecure - Whether to treat locally-connected plaintext users # +# as if they are connected with TLS. Defaults to yes. # +# # +# operonly - Whether TLS client certificate info is only visible # +# by server operators. Defaults to no. # +# # +# spkifp - Whether to use a Subject Public Key Info (SPKI) # +# fingerprint instead of a certificate fingerprint # +# for user TLS client fingerprints. Defaults to no. # +# # +# warnexpiring - If specified then the maximum period of validity # +# that can be left on a user's TLS client certificate # +# before users are warned about the imminent expiry. # +# # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# +#