10564b1175
groff 1.23.0 added .MR to its -man macro package. The NEWS file states
that the inclusion of the macro "was prompted by its introduction to
Plan 9 from User Space's troff in August 2020." From d32deab it seems
that the name for Plan 9 from User Space's implementation was suggested
by groff maintainer G. Brandon Robinson.
Not sure if the intention was to make these definitions compatible, but
it would be nice if they were.
Currently, Plan 9 from User Space's .MR expects its second argument to
be parenthesized. groff's .MR does not. This results in extra
parentheses appearing in manual references when viewing Plan 9 from User
Space's manual pages on a system using groff.
42 lines
1.1 KiB
Groff
42 lines
1.1 KiB
Groff
.TH THUMBPRINT 7
|
|
.SH NAME
|
|
thumbprint \- public key thumbprints
|
|
.SH DESCRIPTION
|
|
.PP
|
|
Applications in Plan 9 that use public keys for authentication,
|
|
for example by calling
|
|
.B tlsClient
|
|
and
|
|
.B okThumbprint
|
|
(see
|
|
.MR pushtls 3 ),
|
|
check the remote side's public key by comparing against
|
|
thumbprints from a trusted list.
|
|
The list is maintained by people who set local policies
|
|
about which servers can be trusted for which applications,
|
|
thereby playing the role taken by certificate authorities
|
|
in PKI-based systems.
|
|
By convention, these lists are stored as files in
|
|
.B /sys/lib/tls/
|
|
and protected by normal file system permissions.
|
|
.PP
|
|
Such a thumbprint file comprises lines made up of
|
|
attribute/value pairs of the form
|
|
.IB attr = value
|
|
or
|
|
.IR attr .
|
|
The first attribute must be
|
|
.B x509
|
|
and the second must be
|
|
.BI sha1= {hex checksum of binary certificate}.
|
|
All other attributes are treated as comments.
|
|
The file may also contain lines of the form
|
|
.BI #include file
|
|
.PP
|
|
For example, a web server might have thumbprint
|
|
.EX
|
|
x509 sha1=8fe472d31b360a8303cd29f92bd734813cbd923c cn=*.cs.bell-labs.com
|
|
.EE
|
|
.SH "SEE ALSO"
|
|
.MR pushtls 3
|