prosody
d2333b468d07
certs/openssl.cnf
Software / code / prosody
File
certs/openssl.cnf @ 12907:d2333b468d07
mod_c2s: Disconnect accounts when they are disabled
We decided that at the first stage, accounts that are disabled should
simply be prevented from authenticating, thus they should also be
prevented from having connected sessions. Since this is aimed to be a
moderation action for cases of abuse, they shouldn't be allowed to
continue being connected.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 23 Feb 2023 16:28:57 +0100 |
| parent | 12604:bd9e006a7a74 |
line wrap: on
line source
oid_section = new_oids [ new_oids ] # RFC 6120 section 13.7.1.4. defines this OID xmppAddr = 1.3.6.1.5.5.7.8.5 # RFC 4985 defines this OID SRVName = 1.3.6.1.5.5.7.8.7 [ req ] default_bits = 4096 default_keyfile = example.com.key distinguished_name = distinguished_name req_extensions = certrequest x509_extensions = selfsigned # ask about the DN? prompt = no [ distinguished_name ] commonName = example.com countryName = GB localityName = The Internet organizationName = Your Organisation organizationalUnitName = XMPP Department emailAddress = xmpp@example.com [ certrequest ] # for certificate requests (req_extensions) basicConstraints = CA:FALSE keyUsage = digitalSignature,keyEncipherment extendedKeyUsage = serverAuth,clientAuth subjectAltName = @subject_alternative_name [ selfsigned ] # and self-signed certificates (x509_extensions) basicConstraints = CA:TRUE subjectAltName = @subject_alternative_name [ subject_alternative_name ] # See https://www.rfc-editor.org/rfc/rfc6120.html#section-13.7.1.2 for more info. DNS.0 = example.com otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:example.com otherName.1 = SRVName;IA5STRING:_xmpp-client.example.com otherName.2 = SRVName;IA5STRING:_xmpp-server.example.com DNS.1 = conference.example.com otherName.3 = xmppAddr;FORMAT:UTF8,UTF8:conference.example.com otherName.4 = SRVName;IA5STRING:_xmpp-server.conference.example.com
