prosody
64ddcbc9a328
certs/openssl.cnf
Software / code / prosody
File
certs/openssl.cnf @ 10360:64ddcbc9a328
core.stanza_router: Do strict jidprep on c2s
Be conservative in what you let your clients send, be liberal in what
you let in via s2s.
Being strict on s2s leads to interop problems and poor experiences, ie
users being ejected from MUCs if something invalid enters. By starting
with tightening up input into the network, we may be able to gradually
approach a point where no invalid JIDs are allowed.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 09 Sep 2019 22:32:01 +0200 |
| parent | 6922:e0672860d208 |
| child | 12604:bd9e006a7a74 |
line wrap: on
line source
oid_section = new_oids [ new_oids ] # RFC 6120 section 13.7.1.4. defines this OID xmppAddr = 1.3.6.1.5.5.7.8.5 # RFC 4985 defines this OID SRVName = 1.3.6.1.5.5.7.8.7 [ req ] default_bits = 4096 default_keyfile = example.com.key distinguished_name = distinguished_name req_extensions = certrequest x509_extensions = selfsigned # ask about the DN? prompt = no [ distinguished_name ] commonName = example.com countryName = GB localityName = The Internet organizationName = Your Organisation organizationalUnitName = XMPP Department emailAddress = xmpp@example.com [ certrequest ] # for certificate requests (req_extensions) basicConstraints = CA:FALSE keyUsage = digitalSignature,keyEncipherment extendedKeyUsage = serverAuth,clientAuth subjectAltName = @subject_alternative_name [ selfsigned ] # and self-signed certificates (x509_extensions) basicConstraints = CA:TRUE subjectAltName = @subject_alternative_name [ subject_alternative_name ] # See http://tools.ietf.org/html/rfc6120#section-13.7.1.2 for more info. DNS.0 = example.com otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:example.com otherName.1 = SRVName;IA5STRING:_xmpp-client.example.com otherName.2 = SRVName;IA5STRING:_xmpp-server.example.com DNS.1 = conference.example.com otherName.3 = xmppAddr;FORMAT:UTF8,UTF8:conference.example.com otherName.4 = SRVName;IA5STRING:_xmpp-server.conference.example.com
