Merge tag 'upstream/0.3' into debian

Upstream version 0.3
author: Guilhem Moulin <guilhem@fripost.org> 2016-12-01 15:37:01 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2016-12-01 15:37:01 +0100
commit: 3edd36d6c419a6bb057a31270422e82e3a140873 (patch)
tree: 18560edb8ae1accc5a89d9533c2eb95b6ef8261e /pullimap.md
parent: bf57c46e0292f64a637fcee92abcdc0e79c6c53e (diff)
parent: d5b28183b91b0931db1d185ea04cbeae4a70a677 (diff)
1 files changed, 12 insertions, 5 deletions
diff --git a/pullimap.md b/pullimap.md
index 06e5988..cb2a07a 100644
--- a/pullimap.md
+++ b/pullimap.md
@@ -210,12 +210,19 @@ Valid options are:
 
 *SSL_fingerprint*
 
-:   Fingerprint of the server certificate (or its public key) in the
-    form `[ALGO$]DIGEST_HEX`, where `ALGO` is the used algorithm
-    (by default `sha256`).
+:   Fingerprint of the server certificate's Subject Public Key Info, in
+    the form `[ALGO$]DIGEST_HEX` where `ALGO` is the used algorithm (by
+    default `sha256`).
     Attempting to connect to a server with a non-matching certificate
-    fingerprint causes `pullimap` to abort the connection during the
-    SSL/TLS handshake.
+    SPKI fingerprint causes `pullimap` to abort the connection during
+    the SSL/TLS handshake.
+
+    You can use the following command to compute the SHA-256 digest of
+    certificate's Subject Public Key Info.
+
+        openssl x509 -in /path/to/server/certificate.pem -pubkey \
+        | openssl pkey -pubin -outform DER \
+        | openssl dgst -sha256
 
 *SSL_verify*
author	Guilhem Moulin <guilhem@fripost.org>	2016-12-01 15:37:01 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2016-12-01 15:37:01 +0100
commit	3edd36d6c419a6bb057a31270422e82e3a140873 (patch)
tree	18560edb8ae1accc5a89d9533c2eb95b6ef8261e /pullimap.md
parent	bf57c46e0292f64a637fcee92abcdc0e79c6c53e (diff)
parent	d5b28183b91b0931db1d185ea04cbeae4a70a677 (diff)