Diff

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_watchuntrusted/README.markdown	Fri Aug 28 18:03:58 2015 +0200
@@ -0,0 +1,40 @@
+---
+labels:
+- 'Stage-Alpha'
+summary: |
+    Warn admins about outgoing s2s connections that are refused due to
+    invalid or untrusted certificates
+...
+
+Introduction
+============
+
+Similar to mod\_watchregistrations, this module warns admins when an s2s
+connection fails due for encryption or trust reasons.
+
+The certificate shows the SHA1 hash, so it can easily be used together
+with mod\_s2s\_auth\_fingerprint.
+
+Configuration
+=============
+
+    modules_enabled = {
+        -- other modules --
+        "watchuntrusted",
+
+    }
+
+    untrusted_fail_watchers = { "admin@example.lit" }
+    untrusted_fail_notification = "Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors"
+
+  Option                          Default                                                                                                         Description
+  ------------------------------- --------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------
+  untrusted\_fail\_watchers       All admins                                                                                                      The users to send the message to
+  untrusted\_fail\_notification   "Establishing a secure connection from \$from\_host to \$to\_host failed. Certificate hash: \$sha1. \$errors"   The message to send, \$from\_host, \$to\_host, \$sha1 and \$errors are replaced
+
+Compatibility
+=============
+
+  ------- -------
+  trunk   Works
+  ------- -------