Software / code / prosody-modules
Annotate
mod_s2s_log_certs/README.markdown @ 4203:c4002aae4ad3
mod_s2s_keepalive: Use timestamp as iq @id
RFC 6120 implies that the id attribute must be unique within a stream.
This should fix problems with remote servers that enforce uniqueness and
don't answer duplicated ids.
If it doesn't do that, then at least you can get a guesstimate at
round-trip time from the difference between the result iq stanza and the
timestamp it was logged without having to go look for when it was sent,
or needing to keep state.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 14 Oct 2020 18:02:10 +0200 |
| parent | 2876:ea6b5321db50 |
| rev | line source |
|---|---|
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
1 --- |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
2 summary: Log certificate status and fingerprint of remote servers |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
3 ... |
| 1782 | 4 |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
5 Introduction |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
6 ============ |
| 1782 | 7 |
| 8 This module produces info level log messages with the certificate status | |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
9 and fingerprint every time an s2s connection is established. It can also |
| 2876 | 10 optionally store this in persistent storage. |
| 1782 | 11 |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
12 **info** jabber.org has a trusted valid certificate with SHA1: |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
13 11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED |
| 1782 | 14 |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
15 Fingerprints could then be added to |
|
1810
2905137cf541
mod_s2s_log_certs/README: Fix link
Kim Alvefur <zash@zash.se>
parents:
1803
diff
changeset
|
16 [mod\_s2s\_auth\_fingerprint](mod_s2s_auth_fingerprint.html). |
| 1782 | 17 |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
18 Configuration |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
19 ============= |
| 1782 | 20 |
| 21 Add the module to the `modules_enabled` list. | |
| 22 | |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
23 modules_enabled = { |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
24 ... |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
25 "s2s_log_certs"; |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
26 } |
| 1782 | 27 |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
28 If you want to keep track of how many times, and when a certificate is |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
29 seen add |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
30 |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
31 `s2s_log_certs_persist = true` |
| 1782 | 32 |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
33 Compatibility |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
34 ============= |
| 1782 | 35 |
|
1803
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
36 ------- -------------- |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
37 trunk Works |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
38 0.10 Works |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
39 0.9 Works |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
40 0.8 Doesn't work |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1787
diff
changeset
|
41 ------- -------------- |
