git.ipfire.org Git - thirdparty/suricata.git/commitdiff
doc: add documentation for tls_cert_fingerprint keyword
author Mats Klepsland <mats.klepsland@gmail.com>
Wed, 15 Mar 2017 07:02:08 +0000 (08:02 +0100)
committer Victor Julien <victor@inliniac.net>
Tue, 21 Nov 2017 16:32:25 +0000 (17:32 +0100)
doc/userguide/rules/tls-keywords.rst

index 583eae24f7a20077324342757f6c9163dde6d4fb..69ea8ad2b3f75d57826dc3574616c629336be9d0 100644 (file)
@@ -45,6 +45,22 @@ Example::
 
 ``tls_cert_serial`` can be used as ``fast_pattern``.
 
+tls_cert_fingerprint
+--------------------
+
+Match on the SHA-1 fingerprint of the certificate.
+
+Example::
+
+  alert tls any any -> any any (msg:"match cert fingerprint"; \
+    tls_cert_fingerprint; \
+    content:"4a:a3:66:76:82:cb:6b:23:bb:c3:58:47:23:a4:63:a7:78:a4:a1:18"; \
+    sid:200023;)
+
+``tls_cert_fingerprint`` is a 'Sticky buffer'.
+
+``tls_cert_fingerprint`` can be used as ``fast_pattern``.
+
 tls_sni
 -------
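
Review bot: The description "Match on the SHA-1 fingerprint of the certificate." does not state the form the buffer takes; the example is the only hint that it is lowercase hex bytes separated by colons. Since content matches are case-sensitive unless nocase is added, a rule author who pastes a fingerprint in uppercase or without colons gets a rule that loads but never fires. I'd add a sentence after the description stating the expected format, matching the example. It would also help to say which certificate is hashed when the server sends a chain, since "the certificate" is ambiguous there.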