Diff

mod_s2s_auth_fingerprint/README.wiki @ 1782:29f3d6b7ad16

Import wiki pages
author Kim Alvefur <zash@zash.se>
date Mon, 24 Aug 2015 16:43:56 +0200
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_s2s_auth_fingerprint/README.wiki	Mon Aug 24 16:43:56 2015 +0200
@@ -0,0 +1,37 @@
+#summary Fingerprint based s2s authentication
+#labels Stage-Alpha, Type-S2SAuth
+
+= Introduction =
+
+This module allows you to manually pin certificate fingerprints of remote servers.
+
+= Details =
+
+Servers not listed in the configuration are not affected.
+
+= Configuration =
+
+After installing and enabling this module, you can put fingerprints of remote servers in your config like this:
+
+{{{
+s2s_auth_fingerprint_digest = "sha1" -- This is the default. Other options are "sha256" and "sha512"
+s2s_trusted_fingerprints = {
+	["jabber.org"] = "11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED";
+	["matthewwild.co.uk"] = {
+		"FD:7F:B2:B9:4C:C4:CB:E2:E7:48:FB:0D:98:11:C7:D8:4D:2A:62:AA";
+		"CF:F3:EC:43:A9:D5:D1:4D:D4:57:09:55:52:BC:5D:73:06:1A:A1:A0";
+	};
+}
+
+-- If you don't want to fall back to dialback, you can list the domains s2s_secure_domains too
+s2s_secure_domains = {
+	"jabber.org";
+}
+}}}
+
+= Compatibility =
+
+||trunk||Works||
+||0.9||Works||
+||0.8||Doesn't work||
+