RFC Errata
RFC 7407, "A YANG Data Model for SNMP Configuration", December 2014
Source of RFC: netmod (ops)
Errata ID: 5886
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Martin Björklund
Date Reported: 2019-10-29
Held for Document Update by: Ignas Bagdonas
Date Held: 2019-11-18
Section 4.1 says:
leaf fingerprint { type x509c2n:tls-fingerprint; mandatory true; description "Specifies a value with which the fingerprint of the full certificate presented by the peer is compared. If the fingerprint of the full certificate presented by the peer does not match the fingerprint configured, then the entry is skipped, and the search for a match continues.";
It should say:
leaf fingerprint { type x509c2n:tls-fingerprint; mandatory true; description "Specifies a value with which the certificate presented by the peer is compared, according to the algorithm defined in the description of the list node 'cert-to-name'.";
Notes:
The quoted text is not consistent with the algorithm described in the list 'cert-to-name'. Better to simply refer to the cert-to-name description. The algorithm described in 'cert-to-name' works in the same way as described in the referenced RFC 6353, which makes it clear that this is the intended behaviour.