update docs and remove duplicate entry

Signed-off-by: chodges15 <[email protected]>
prometheus · Mar 27, 2023 · b205f7a · b205f7a
1 parent b0e6f85
commit b205f7a
Showing 1 changed file with 3 additions and 7 deletions.
diff --git a/docs/web-configuration.md b/docs/web-configuration.md
@@ -38,14 +38,10 @@ tls_server_config:
   # CA certificate for client certificate authentication to the server.
   [ client_ca_file: <filename> ]
   
-  # Verify that the client certificate has a Subject Alternate Name (SAN) which includes the following
+  # Verify that the client certificate has a Subject Alternate Name (SAN) which matches the following
   # regex pattern, else terminate connection. SAN match can be one or multiple of the following:
-  # DNS, IP, e-mail, or URI address from https://pkg.go.dev/crypto/x509#Certificate.
-  [ client_allowed_san_regex: <string> | default ""]
-
-  # Verify that the client certificate has a Subject Alternate Name (SAN) which includes the following
-  # regex pattern, else terminate connection. SAN match can be one or multiple of the following:
-  # DNS, IP, e-mail, or URI address from https://pkg.go.dev/crypto/x509#Certificate.
+  # DNS, IP, e-mail, or URI address from https://pkg.go.dev/crypto/x509#Certificate. Regex expression
+  # is anchored to avoid the confusing case of matching only a subset of the SAN instead of the full string.  
   [ client_allowed_san_regex: <string> | default ""]
 
   # Minimum TLS version that is acceptable.