mod_auth_ccert/README.markdown @ 4433:0e3f5f70a51d
mod_auth_ccert/README: Add certificate purpose config to example
Thanks debacle
By default Prosody validates all client certificates as if they were
server certificates, for historical reasons, from a time when you
couldn't get certificates with the client purpose.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 06 Feb 2021 22:15:08 +0100 |
| parent | 4432:e83284d4d5c2 |
| 4432:e83284d4d5c2 | 4433:0e3f5f70a51d |
|---|---|
| 21 | 21 |
| 22 c2s_ssl = { | 22 c2s_ssl = { |
| 23 cafile = "/path/to/your/ca.pem"; | 23 cafile = "/path/to/your/ca.pem"; |
| 24 capath = false; -- Disable capath inherited from built-in default | 24 capath = false; -- Disable capath inherited from built-in default |
| 25 verify = {"peer"; "client_once"}; -- Ask for client certificate | 25 verify = {"peer"; "client_once"}; -- Ask for client certificate |
| 26 verifyext = { | |
| 27 -- Don't validate client certs as if they were server certs | |
| 28 lsec_ignore_purpose = false | |
| 29 } | |
| 26 } | 30 } |
| 27 | 31 |
| 28 | 32 |
| 29 Compatibility | 33 Compatibility |
| 30 ============= | 34 ============= |
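Review bot: The comment above `lsec_ignore_purpose = false` in the new `verifyext` block says what is being avoided but not what the setting now requires, and the double negative (an "ignore" flag set to false) is easy to misread as disabling a check. The commit message explains that this is about the certificate purpose and why the default is what it is, but none of that reaches the README example. Suggest rewording the comment so it states the positive effect, for example that client certificates are checked for the client purpose instead of being validated as server certificates, and adding a sentence near the example telling admins that certificates issued by the CA in `cafile` need to carry that purpose, so anyone whose existing certificates lack it knows why logins would start failing after copying this config. Minor style point: the other entries in `c2s_ssl` end with `;` while `lsec_ignore_purpose = false` and the closing `}` of `verifyext` do not; adding the separators keeps the example consistent and safe to extend.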