[4.8.1] Adds the ${.tls.x509_fp} macro
Robert Fekete authored and Robert Fekete committed Nov 19, 2024
1 parent 91bea72 commit a7362e3
Showing 2 changed files with 7 additions and 10 deletions.
6 changes: 3 additions & 3 deletions content/chapter-encrypted-transport-tls/tlsoptions/_index.md
Expand Up @@ -372,9 +372,9 @@ To find the fingerprint of a certificate, you can use the following command: `op

When using the `trusted-keys()` and `trusted-dn()` parameters, note the following:

- First, the `trusted-keys()` parameter is checked. If the fingerprint of the peer is listed, the certificate validation is performed.

- If the fingerprint of the peer is not listed in the `trusted-keys()` parameter, the `trusted-dn()` parameter is checked. If the DN of the peer is not listed in the `trusted-dn()` parameter, the authentication of the peer fails and the connection is closed.
- First, the `trusted-keys()` parameter is checked. If the fingerprint of the peer is listed, the certificate validation is performed.
- If the fingerprint of the peer is not listed in the `trusted-keys()` parameter, the `trusted-dn()` parameter is checked. If the DN of the peer is not listed in the `trusted-dn()` parameter, the authentication of the peer fails and the connection is closed.

{{% /alert %}}

Starting with version 4.8.1, if `trusted-keys()` is set, {{% param "product.abbrev" %}} automatically adds the key fingerprint of the peer to the `${.tls.x509_fp}` name-value pair.
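
Review bot: The added sentence after the alert ("Starting with version 4.8.1, if `trusted-keys()` is set, ...") speaks of "the key fingerprint of the peer", while the context at the top of this hunk speaks of finding "the fingerprint of a certificate"; say which of the two `${.tls.x509_fp}` holds and in what format, for example whether the value can be compared directly with the entries listed in `trusted-keys()`. The sentence also calls `${.tls.x509_fp}` a name-value pair where the commit title calls it a macro; use one term and link to the macro reference, the same way the macro entry links back to `trusted-keys()`.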
Expand Up @@ -439,13 +439,10 @@ Available in {{% param "product.abbrev" %}} version 4.5 and later.

*Description:* When using a transport that uses TLS, these macros contain information about the peer's certificate. That way, you can use information from the client certificate in filenames, database values, or as other metadata. If you clients have their own certificates, then these values are unique per client, but unchangeable by the client. The following macros are available in {{% param "product.abbrev" %}} version 3.9 and later.

- `.tls.x509_cn`: The Common Name of the certificate.

- `.tls.x509_o`: The value of the Organization field.

- `.tls.x509_ou`: The value of the Organization Unit field.


- `.tls.x509_cn`: The Common Name of the certificate.
- `.tls.x509_o`: The value of the Organization field.
- `.tls.x509_ou`: The value of the Organization Unit field.
- `.tls.x509_fp`: The key fingerprint of the peer, if the [`trusted-keys()` option]({{< relref "/chapter-encrypted-transport-tls/tlsoptions/_index.md#tls-options-trusted-keys" >}}) is used. Available in version 4.8.1 and later.

## UNIQID {#macro-uniqid}

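Review bot: The new `.tls.x509_fp` list item does not say what the macro contains when `trusted-keys()` is not set; add a clause stating the actual behavior (for example, that the value is empty), because the description recommends these macros for filenames and database values. The intro sentence above the list still reads "The following macros are available in ... version 3.9 and later", which now sits above an item that is only available in 4.8.1, so consider rewording it to "unless noted otherwise". While touching this paragraph, "If you clients have their own certificates" should read "If your clients".
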