|
1786
|
1 |
#summary Fingerprint based s2s authentication |
|
|
2 |
#labels Stage-Alpha, Type-S2SAuth |
|
|
3 |
|
|
|
4 |
= Introduction = |
|
|
5 |
|
|
|
6 |
This module allows you to manually pin certificate fingerprints of remote servers. |
|
|
7 |
|
|
|
8 |
= Details = |
|
|
9 |
|
|
|
10 |
Servers not listed in the configuration are not affected. |
|
|
11 |
|
|
|
12 |
= Configuration = |
|
|
13 |
|
|
|
14 |
After installing and enabling this module, you can put fingerprints of remote servers in your config like this: |
|
|
15 |
|
|
|
16 |
{{{ |
|
|
17 |
s2s_auth_fingerprint_digest = "sha1" -- This is the default. Other options are "sha256" and "sha512" |
|
|
18 |
s2s_trusted_fingerprints = { |
|
|
19 |
["jabber.org"] = "11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED"; |
|
|
20 |
["matthewwild.co.uk"] = { |
|
|
21 |
"FD:7F:B2:B9:4C:C4:CB:E2:E7:48:FB:0D:98:11:C7:D8:4D:2A:62:AA"; |
|
|
22 |
"CF:F3:EC:43:A9:D5:D1:4D:D4:57:09:55:52:BC:5D:73:06:1A:A1:A0"; |
|
|
23 |
}; |
|
|
24 |
} |
|
|
25 |
|
|
|
26 |
-- If you don't want to fall back to dialback, you can list the domains s2s_secure_domains too |
|
|
27 |
s2s_secure_domains = { |
|
|
28 |
"jabber.org"; |
|
|
29 |
} |
|
|
30 |
}}} |
|
|
31 |
|
|
|
32 |
= Compatibility = |
|
|
33 |
|
|
|
34 |
||trunk||Works|| |
|
|
35 |
||0.9||Works|| |
|
|
36 |
||0.8||Doesn't work|| |
|
|
37 |
|