Software /
code /
prosody-modules
File
mod_s2s_log_certs/README.markdown @ 4432:e83284d4d5c2
mod_auth_ccert/README: Add setting to ensure Prosdy asks for client certificate
This used to be the default for all services, but since it triggers
annoying popups in web browsers it was inverted in Prosody and only s2s
enables it, so it needs to be explicitly enabled for c2s again.
See trunk 115b5e32d960
Thanks debacle
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 06 Feb 2021 21:34:25 +0100 |
parent | 2876:ea6b5321db50 |
line wrap: on
line source
--- summary: Log certificate status and fingerprint of remote servers ... Introduction ============ This module produces info level log messages with the certificate status and fingerprint every time an s2s connection is established. It can also optionally store this in persistent storage. **info** jabber.org has a trusted valid certificate with SHA1: 11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED Fingerprints could then be added to [mod\_s2s\_auth\_fingerprint](mod_s2s_auth_fingerprint.html). Configuration ============= Add the module to the `modules_enabled` list. modules_enabled = { ... "s2s_log_certs"; } If you want to keep track of how many times, and when a certificate is seen add `s2s_log_certs_persist = true` Compatibility ============= ------- -------------- trunk Works 0.10 Works 0.9 Works 0.8 Doesn't work ------- --------------