| author | Matthew Wild <mwild1@gmail.com> |
| Fri, 23 Sep 2022 22:41:15 +0100 | |
| changeset 5058 | 62480053c87b |
| parent 2880 | ea6b5321db50 |
| permissions | -rw-r--r-- |
|
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
1 |
--- |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
2 |
summary: Log certificate status and fingerprint of remote servers |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
3 |
... |
| 1786 | 4 |
|
|
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
5 |
Introduction |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
6 |
============ |
| 1786 | 7 |
|
8 |
This module produces info level log messages with the certificate status |
|
|
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
9 |
and fingerprint every time an s2s connection is established. It can also |
| 2880 | 10 |
optionally store this in persistent storage. |
| 1786 | 11 |
|
|
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
12 |
**info** jabber.org has a trusted valid certificate with SHA1: |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
13 |
11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED |
| 1786 | 14 |
|
|
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
15 |
Fingerprints could then be added to |
|
1814
2905137cf541
mod_s2s_log_certs/README: Fix link
Kim Alvefur <zash@zash.se>
parents:
1807
diff
changeset
|
16 |
[mod\_s2s\_auth\_fingerprint](mod_s2s_auth_fingerprint.html). |
| 1786 | 17 |
|
|
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
18 |
Configuration |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
19 |
============= |
| 1786 | 20 |
|
21 |
Add the module to the `modules_enabled` list. |
|
22 |
||
|
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
23 |
modules_enabled = { |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
24 |
... |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
25 |
"s2s_log_certs"; |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
26 |
} |
| 1786 | 27 |
|
|
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
28 |
If you want to keep track of how many times, and when a certificate is |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
29 |
seen add |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
30 |
|
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
31 |
`s2s_log_certs_persist = true` |
| 1786 | 32 |
|
|
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
33 |
Compatibility |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
34 |
============= |
| 1786 | 35 |
|
|
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
36 |
------- -------------- |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
37 |
trunk Works |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
38 |
0.10 Works |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
39 |
0.9 Works |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
40 |
0.8 Doesn't work |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
41 |
------- -------------- |