From bb56f934479159c6fe4992ee6f0ece43500495d0 Mon Sep 17 00:00:00 2001
From: Luke Tidd <lukeisgreat@gmail.com>
Date: Sat, 24 Feb 2024 19:07:22 -0500
Subject: [PATCH] add instructions for potential future addition of irc
 self-signed sasl keys

---
 ssl-update.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ssl-update.py b/ssl-update.py
index 8c2a8d9..2083636 100755
--- a/ssl-update.py
+++ b/ssl-update.py
@@ -7,6 +7,14 @@ assumptions:
     * firewall has `ssl-update.sh` copied to /usr/local/bin and chmod +x
 """
 
+# TODO: cover this as well:
+# irc sasl cert will expire in 7 years
+# regenerate cert:
+#   openssl req -x509 -new -newkey ed25519 -sha256 -days 1096 -nodes -out user.pem -keyout user.pem
+# get fingerprint:
+#   openssl x509 -in user.pem -noout -fingerprint -sha512 | awk -F= '{gsub(":",""); print tolower ($2)}'
+# /msg nickserv cert add $fingerprint
+
 import datetime
 import logging
 import getpass