Software /
code /
prosody-modules
Diff
mod_s2s_auth_fingerprint/README.markdown @ 1803:4d73a1a6ba68
Convert all wiki pages to Markdown
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 28 Aug 2015 18:03:58 +0200 |
parent | 1782:29f3d6b7ad16 |
child | 1820:8de50be756e5 |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_s2s_auth_fingerprint/README.markdown Fri Aug 28 18:03:58 2015 +0200 @@ -0,0 +1,46 @@ +--- +labels: +- 'Stage-Alpha' +- 'Type-S2SAuth' +summary: Fingerprint based s2s authentication +... + +Introduction +============ + +This module allows you to manually pin certificate fingerprints of +remote servers. + +Details +======= + +Servers not listed in the configuration are not affected. + +Configuration +============= + +After installing and enabling this module, you can put fingerprints of +remote servers in your config like this: + + s2s_auth_fingerprint_digest = "sha1" -- This is the default. Other options are "sha256" and "sha512" + s2s_trusted_fingerprints = { + ["jabber.org"] = "11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED"; + ["matthewwild.co.uk"] = { + "FD:7F:B2:B9:4C:C4:CB:E2:E7:48:FB:0D:98:11:C7:D8:4D:2A:62:AA"; + "CF:F3:EC:43:A9:D5:D1:4D:D4:57:09:55:52:BC:5D:73:06:1A:A1:A0"; + }; + } + + -- If you don't want to fall back to dialback, you can list the domains s2s_secure_domains too + s2s_secure_domains = { + "jabber.org"; + } + +Compatibility +============= + + ------- -------------- + trunk Works + 0.9 Works + 0.8 Doesn't work + ------- --------------