From 050e27b31bf9f6789d1312c8f4a91e251eada5fc Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni <slingamn@cs.stanford.edu>
Date: Sat, 13 Nov 2021 19:58:56 -0500
Subject: [PATCH] fix #1798

Improve documentation for use of certificate fingerprints
---
 docs/USERGUIDE.md | 2 ++
 irc/nickserv.go   | 9 +++++----
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/docs/USERGUIDE.md b/docs/USERGUIDE.md
index 2012b433..127609ce 100644
--- a/docs/USERGUIDE.md
+++ b/docs/USERGUIDE.md
@@ -75,6 +75,8 @@ Once you have registered your account, you must configure SASL in your client, s
 
 If your client doesn't support SASL, you can typically use the "server password" (`PASS`) field in your client to log into your account automatically when connecting. Set the server password to `accountname:accountpassword`, where `accountname` is your account name and `accountpassword` is your account password.
 
+For information on how to use a client certificate for authentication, see the [operator manual](https://github.com/ergochat/ergo/blob/stable/docs/MANUAL.md#client-certificates).
+
 # Channel registration
 
 Once you've registered your nickname, you can use it to register channels. By default, channels are ephemeral; they go away when there are no longer any users in the channel, or when the server is restarted. Registering a channel gives you permanent control over it, and ensures that its settings will persist. To register a channel, send a message to `ChanServ`:
diff --git a/irc/nickserv.go b/irc/nickserv.go
index 89e74e02..517116c5 100644
--- a/irc/nickserv.go
+++ b/irc/nickserv.go
@@ -354,12 +354,13 @@ the result of a previous $bSENDPASS$b command.`,
 			handler: nsCertHandler,
 			help: `Syntax: $bCERT <LIST | ADD | DEL> [account] [certfp]$b
 
-CERT examines or modifies the TLS certificate fingerprints that can be used to
-log into an account. Specifically, $bCERT LIST$b lists the authorized
-fingerprints, $bCERT ADD <fingerprint>$b adds a new fingerprint, and
+CERT examines or modifies the SHA-256 TLS certificate fingerprints that can
+be used to log into an account. Specifically, $bCERT LIST$b lists the
+authorized fingerprints, $bCERT ADD <fingerprint>$b adds a new fingerprint, and
 $bCERT DEL <fingerprint>$b removes a fingerprint. If you're an IRC operator
 with the correct permissions, you can act on another user's account, for
-example with $bCERT ADD <account> <fingerprint>$b.`,
+example with $bCERT ADD <account> <fingerprint>$b. See the operator manual
+for instructions on how to compute the fingerprint.`,
 			helpShort: `$bCERT$b controls a user account's certificate fingerprints`,
 			enabled:   servCmdRequiresAuthEnabled,
 			minParams: 1,