prosody-modules
d611ed13df7e
mod_auth_ccert/README.md
Software / code / prosody-modules
Comparison
mod_auth_ccert/README.md @ 6209:d611ed13df7e draft
Merge
| author | Trần H. Trung <xmpp:trần.h.trung@trung.fun> |
|---|---|
| date | Tue, 18 Mar 2025 00:16:25 +0700 |
| parent | 4433:mod_auth_ccert/README.markdown@0e3f5f70a51d |
comparison
equal
deleted
inserted
replaced
| 6208:e20901443eae | 6209:d611ed13df7e |
|---|---|
| 1 --- | |
| 2 labels: | |
| 3 - 'Stage-Alpha' | |
| 4 - 'Type-Auth' | |
| 5 summary: Client Certificate authentication module | |
| 6 ... | |
| 7 | |
| 8 Introduction | |
| 9 ============ | |
| 10 | |
| 11 This module implements PKI-style client certificate authentication. You | |
| 12 will therefore need your own Certificate Authority. How to set that up | |
| 13 is beyond the current scope of this document. | |
| 14 | |
| 15 Configuration | |
| 16 ============= | |
| 17 | |
| 18 | |
| 19 authentication = "ccert" | |
| 20 certificate_match = "xmppaddr" -- or "email" | |
| 21 | |
| 22 c2s_ssl = { | |
| 23 cafile = "/path/to/your/ca.pem"; | |
| 24 capath = false; -- Disable capath inherited from built-in default | |
| 25 verify = {"peer"; "client_once"}; -- Ask for client certificate | |
| 26 verifyext = { | |
| 27 -- Don't validate client certs as if they were server certs | |
| 28 lsec_ignore_purpose = false | |
| 29 } | |
| 30 } | |
| 31 | |
| 32 | |
| 33 Compatibility | |
| 34 ============= | |
| 35 | |
| 36 ----------------- -------------- | |
| 37 trunk Works | |
| 38 0.10 and later Works | |
| 39 0.9 and earlier Doesn't work | |
| 40 ----------------- -------------- |
