From 8d2408c16943ca3c7beb70905690e3b1e24079b2 Mon Sep 17 00:00:00 2001
From: mathieui <mathieui@mathieui.net>
Date: Wed, 8 Oct 2014 12:55:22 +0200
Subject: Use SHA-2 (SHA-512) to store the certificate fingerprint instead of
 SHA-1

Because SHA-1 is not really relevant anymore.
Too bad it's significantly longer and tiring to check, even if that is
to be expected.
---
 doc/source/configuration.rst | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'doc')

diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index b15d5140..419e1880 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -62,8 +62,11 @@ and certificate validation.
 
         **Default value:** ``[empty]``
 
-        The fingerprint of the SSL certificate as a hexadecimal string, you should
-        not touch it, except if know what you are doing.
+        The SHA-2 fingerprint of the SSL certificate as a hexadecimal string,
+        you should not touch it, except if know what you are doing.
+
+        .. note:: the fingerprint was previously stored in SHA-1, and has been
+                silently upgraded to SHA-2 if the SHA-1 still matched.
 
     ciphers
 
-- 
cgit v1.2.3