From a7362e3def2f9fb3c2e83ef7bba9cda49e72d0e9 Mon Sep 17 00:00:00 2001 From: Robert Fekete Date: Tue, 19 Nov 2024 15:37:01 +0100 Subject: [PATCH] [4.8.1] Adds the ${.tls.x509_fp} macro --- .../tlsoptions/_index.md | 6 +++--- .../reference-macros/_index.md | 11 ++++------- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/content/chapter-encrypted-transport-tls/tlsoptions/_index.md b/content/chapter-encrypted-transport-tls/tlsoptions/_index.md index e6dd124e..1c7b0232 100644 --- a/content/chapter-encrypted-transport-tls/tlsoptions/_index.md +++ b/content/chapter-encrypted-transport-tls/tlsoptions/_index.md @@ -372,9 +372,9 @@ To find the fingerprint of a certificate, you can use the following command: `op When using the `trusted-keys()` and `trusted-dn()` parameters, note the following: - - First, the `trusted-keys()` parameter is checked. If the fingerprint of the peer is listed, the certificate validation is performed. - - - If the fingerprint of the peer is not listed in the `trusted-keys()` parameter, the `trusted-dn()` parameter is checked. If the DN of the peer is not listed in the `trusted-dn()` parameter, the authentication of the peer fails and the connection is closed. +- First, the `trusted-keys()` parameter is checked. If the fingerprint of the peer is listed, the certificate validation is performed. +- If the fingerprint of the peer is not listed in the `trusted-keys()` parameter, the `trusted-dn()` parameter is checked. If the DN of the peer is not listed in the `trusted-dn()` parameter, the authentication of the peer fails and the connection is closed. {{% /alert %}} +Starting with version 4.8.1, if `trusted-keys()` is set, {{% param "product.abbrev" %}} automatically adds the key fingerprint of the peer to the `${.tls.x509_fp}` name-value pair. 
diff --git a/content/chapter-manipulating-messages/customizing-message-format/reference-macros/_index.md b/content/chapter-manipulating-messages/customizing-message-format/reference-macros/_index.md index 680fa9eb..b8832135 100644 --- a/content/chapter-manipulating-messages/customizing-message-format/reference-macros/_index.md +++ b/content/chapter-manipulating-messages/customizing-message-format/reference-macros/_index.md @@ -439,13 +439,10 @@ Available in {{% param "product.abbrev" %}} version 4.5 and later. *Description:* When using a transport that uses TLS, these macros contain information about the peer's certificate. That way, you can use information from the client certificate in filenames, database values, or as other metadata. If you clients have their own certificates, then these values are unique per client, but unchangeable by the client. The following macros are available in {{% param "product.abbrev" %}} version 3.9 and later. - - `.tls.x509_cn`: The Common Name of the certificate. - - - `.tls.x509_o`: The value of the Organization field. - - - `.tls.x509_ou`: The value of the Organization Unit field. - - +- `.tls.x509_cn`: The Common Name of the certificate. +- `.tls.x509_o`: The value of the Organization field. +- `.tls.x509_ou`: The value of the Organization Unit field. +- `.tls.x509_fp`: The key fingerprint of the peer, if the [`trusted-keys()` option]({{< relref "/chapter-encrypted-transport-tls/tlsoptions/_index.md#tls-options-trusted-keys" >}}) is used. Available in version 4.8.1 and later. ## UNIQID {#macro-uniqid}
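Review bot: In the tlsoptions/_index.md hunk, the sentence added after `{{% /alert %}}` says the fingerprint is stored "if `trusted-keys()` is set", but it does not say whether this also holds when the peer's fingerprint is not listed and authentication falls through to `trusted-dn()`, which is the case the bullets just above it describe. Suggest stating whether the value is populated for every peer or only for a peer matched by `trusted-keys()`. The sentence also says "key fingerprint" while the context line above reads "To find the fingerprint of a certificate", so pick one term. The name is written as `${.tls.x509_fp}` here and as `.tls.x509_fp` in the macro reference; a relref to the macro entry would match the link the other hunk adds in the opposite direction.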
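Review bot: In the reference-macros/_index.md hunk, the new `.tls.x509_fp` item does not say what the macro expands to when `trusted-keys()` is not used, or what format the value has. The description above the list suggests using these macros in filenames and database values, so readers need to know whether the value can be empty and which characters it can contain. The list is still introduced by "The following macros are available in ... version 3.9 and later", which the 4.8.1 item contradicts until the reader reaches its last sentence; consider rewording the lead-in or putting the version note first in the item. The unchanged context line "If you clients have their own certificates" has a typo ("your") that could be fixed in the same change.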