prosody
f45a29b32f7a
certs/localhost.cnf
Software / code / prosody
File
certs/localhost.cnf @ 13127:f45a29b32f7a
mod_http: Make RFC 7239 Forwarded opt-in for now to be safe
Supporting both methods at the same time may open to spoofing attacks,
whereby a client sends a Forwarded header that is not stripped by a
reverse proxy, leading Prosody to use that instead of the X-Forwarded-*
headers actually sent by the proxy.
By only supporting one at a time, it can be configured to match what the
proxy uses.
Disabled by default since implementations are sparse and X-Forwarded-*
are everywhere.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 03 Jun 2023 21:53:20 +0200 |
| parent | 7693:93c041d5bb0b |
line wrap: on
line source
[v3_extensions] basicConstraints = CA:TRUE subjectAltName = @subject_alternative_name [subject_alternative_name] DNS.0 = localhost otherName.0 = 1.3.6.1.5.5.7.8.7;IA5STRING:_xmpp-client.localhost otherName.1 = 1.3.6.1.5.5.7.8.7;IA5STRING:_xmpp-server.localhost otherName.2 = 1.3.6.1.5.5.7.8.5;FORMAT:UTF8,UTF8:localhost [distinguished_name] countryName = GB organizationName = Prosody IM organizationalUnitName = https://prosody.im/doc/certificates commonName = Example certificate [req] prompt = no x509_extensions = v3_extensions req_extensions = v3_extensions distinguished_name = distinguished_name
