prosody-modules
fe081789f7b5
mod_auth_ccert/README.md
Software / code / prosody-modules
Comparison
mod_auth_ccert/README.md @ 6003:fe081789f7b5
All community modules: Unify file extention of Markdown files to .md
| author | Menel <menel@snikket.de> |
|---|---|
| date | Tue, 22 Oct 2024 10:26:01 +0200 |
| parent | 4433:mod_auth_ccert/README.markdown@0e3f5f70a51d |
comparison
equal
deleted
inserted
replaced
| 6002:5a65a632d5b9 | 6003:fe081789f7b5 |
|---|---|
| 1 --- | |
| 2 labels: | |
| 3 - 'Stage-Alpha' | |
| 4 - 'Type-Auth' | |
| 5 summary: Client Certificate authentication module | |
| 6 ... | |
| 7 | |
| 8 Introduction | |
| 9 ============ | |
| 10 | |
| 11 This module implements PKI-style client certificate authentication. You | |
| 12 will therefore need your own Certificate Authority. How to set that up | |
| 13 is beyond the current scope of this document. | |
| 14 | |
| 15 Configuration | |
| 16 ============= | |
| 17 | |
| 18 | |
| 19 authentication = "ccert" | |
| 20 certificate_match = "xmppaddr" -- or "email" | |
| 21 | |
| 22 c2s_ssl = { | |
| 23 cafile = "/path/to/your/ca.pem"; | |
| 24 capath = false; -- Disable capath inherited from built-in default | |
| 25 verify = {"peer"; "client_once"}; -- Ask for client certificate | |
| 26 verifyext = { | |
| 27 -- Don't validate client certs as if they were server certs | |
| 28 lsec_ignore_purpose = false | |
| 29 } | |
| 30 } | |
| 31 | |
| 32 | |
| 33 Compatibility | |
| 34 ============= | |
| 35 | |
| 36 ----------------- -------------- | |
| 37 trunk Works | |
| 38 0.10 and later Works | |
| 39 0.9 and earlier Doesn't work | |
| 40 ----------------- -------------- |
