aboutsummaryrefslogtreecommitdiffstats
path: root/pullimap.md
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-12-01 15:37:01 +0100
committerGuilhem Moulin <guilhem@fripost.org>2016-12-01 15:37:01 +0100
commit3edd36d6c419a6bb057a31270422e82e3a140873 (patch)
tree18560edb8ae1accc5a89d9533c2eb95b6ef8261e /pullimap.md
parentbf57c46e0292f64a637fcee92abcdc0e79c6c53e (diff)
parentd5b28183b91b0931db1d185ea04cbeae4a70a677 (diff)
Merge tag 'upstream/0.3' into debian
Upstream version 0.3
Diffstat (limited to 'pullimap.md')
-rw-r--r--pullimap.md17
1 files changed, 12 insertions, 5 deletions
diff --git a/pullimap.md b/pullimap.md
index 06e5988..cb2a07a 100644
--- a/pullimap.md
+++ b/pullimap.md
@@ -210,12 +210,19 @@ Valid options are:
*SSL_fingerprint*
-: Fingerprint of the server certificate (or its public key) in the
- form `[ALGO$]DIGEST_HEX`, where `ALGO` is the used algorithm
- (by default `sha256`).
+: Fingerprint of the server certificate's Subject Public Key Info, in
+ the form `[ALGO$]DIGEST_HEX` where `ALGO` is the used algorithm (by
+ default `sha256`).
Attempting to connect to a server with a non-matching certificate
- fingerprint causes `pullimap` to abort the connection during the
- SSL/TLS handshake.
+ SPKI fingerprint causes `pullimap` to abort the connection during
+ the SSL/TLS handshake.
+
+ You can use the following command to compute the SHA-256 digest of
+ certificate's Subject Public Key Info.
+
+ openssl x509 -in /path/to/server/certificate.pem -pubkey \
+ | openssl pkey -pubin -outform DER \
+ | openssl dgst -sha256
*SSL_verify*