-rw-r--r-- doc/omrelp.html 17
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/omrelp.html b/doc/omrelp.html
index a44ec319..d01a1add 100644
--- a/doc/omrelp.html
+++ b/doc/omrelp.html
@@ -42,6 +42,23 @@ must be used.
increases CPU use, the network bandwidth should be reduced. Note that
typical text-based log records usually compress rather well.
</li>
+ <li><b>tls.permittedPeer</b> peer</br>
+ Places access restrictions on this listener. Only peers which
+ have been listed in this parameter may connect. The validation
+ bases on the cerficate the remote peer presents.<br>
+ The <i>peer</i> parameter lists permitted certificate
+ fingerprints. Note that it is an array parameter, so either
+ a single or multiple fingerprints can be listed. When a
+ non-permitted peer connects, the refusal is logged together
+ with it's fingerprint. So it the administrator knows this was
+ a valid request, he can simple add the fingerprint by copy and
+ past from the logfile to rsyslog.conf.
+ <br>To specify multiple fingerprints, just enclose them
+ in braces like this:
+ <br>tls.permittedPeer=["SHA1:...1", "SHA1:....2"]
+ <br>To specify just a single peer, you can either
+ specify the string directly or enclose it in braces.
+ </li>
<li><b>tls.prioritystring</b> (not mandatory, string)<br>
This parameter permits to specify the so-called "priority string" to
GnuTLS. This string gives complete control over all crypto parameters,
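Review bot: The opening sentences of the new tls.permittedPeer entry describe the wrong side of the connection: they say the parameter "Places access restrictions on this listener" and that only listed peers "may connect", but this is doc/omrelp.html, the output module's page, so the text should state that the sender accepts the session only when the remote server presents a certificate whose fingerprint is listed, and that the refusal and fingerprint are logged on the sending host. The heading line ends in "</br>", which is not a valid tag; use "<br>" as the tls.prioritystring entry does, and add the same "(not mandatory, ...)" style annotation so readers can see the parameter's type. The text says to "enclose them in braces" while the example uses square brackets, so pick one term that matches the syntax shown. Typos to fix before merging: "cerficate", "it's fingerprint", "So it the administrator", "simple add", "copy and past".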