Clarify fingerprint comments in example oper block

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12373 e03df62e-2008-0410-955e-edbf42e46eb7

diff --git a/conf/opers.conf.example b/conf/opers.conf.example
index 2b75fa8089fb0325c34a4f835c86cf3d646b56df..0d1e6cd4951ec296558fb029130173ff908d7b33 100644 (file)
--- a/conf/opers.conf.example
+++ b/conf/opers.conf.example
@@ -90,25 +90,25 @@
 
       # host: What hostnames/IP's are allowed to oper up with this oline.
       # Multiple options can be separated by spaces and CIDR's are allowed.
-      # You CAN use just * or *@* for this section, but it is not recommended\r
-      # for security reasons.\r
+      # You CAN use just * or *@* for this section, but it is not recommended
+      # for security reasons.
       host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
 
       # ** ADVANCED ** This option is disabled by default.
       # fingerprint: When using the m_sslinfo module, you may specify
-      # a key fingerprint here. This can be obtained by using the
-      # /fingerprint command while the module is loaded. This enhances
-      # security by verifying that the person opering up has the matching
-      # key/certificate combination. This enhances security a great deal.
-      # If m_sslinfo and m_ssl_gnutls/m_ssl_openssl aren't loaded,
-      # this option will be ignored.
-      #fingerprint="67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4"
+      # a key fingerprint here. This can be obtained by using the /sslinfo
+      # command while the module is loaded, and is also noticed on connect.
+      # This enhances security by verifying that the person opering up has
+      # a matching SSL client certificate, which is very difficult to
+      # forge (impossible unless preimage attacks on the hash exist).
+      # If m_sslinfo isn't loaded, this option will be ignored.
+      #fingerprint="67cb9dc013248a829bb2171ed11becd4"
 
       # sslonly: This oper can only oper up if they're using a SSL connection.
-      # Setting this option adds a decent bit of security. Highly recommended if
-      # the oper is on wifi or specifically, unsecured wifi.
-      # This setting only takes effect if m_sslinfo and m_ssl_gnutls or m_ssl_openssl
-      # are loaded.
+      # Setting this option adds a decent bit of security. Highly recommended
+      # if the oper is on wifi, or specifically, unsecured wifi. Note that it
+      # is redundant to specify this option if you specify a fingerprint.
+      # This setting only takes effect if m_sslinfo is loaded.
       #sslonly="yes"
 
       # vhost: overrides the vhost in the type block. Class and modes may also
@@ -124,7 +124,7 @@
       name="Brain"
       password="s3cret"
       host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
-      #fingerprint="67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4"
+      #fingerprint="67cb9dc013248a829bb2171ed11becd4"
       type="NetAdmin">
 
 # oline with hashed password. It is highly recommended to use hashed passwords.
@@ -147,8 +147,8 @@
 
       # host: What hostnames/IP's are allowed to oper up with this oline.
       # Multiple options can be separated by spaces and CIDR's are allowed.
-      # You CAN use just * or *@* for this section, but it is not recommended\r
-      # for security reasons.\r
+      # You CAN use just * or *@* for this section, but it is not recommended
+      # for security reasons.
       host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
 
       # type: What oper type this oline is. See the block above for list