1 #summary Fingerprint based s2s authentication

     2 #labels Stage-Alpha, Type-S2SAuth

     3 

     4 = Introduction =

     5 

     6 This module allows you to manually pin certificate fingerprints of remote servers.

     7 

     8 = Details =

     9 

    10 Servers not listed in the configuration are not affected.

    11 

    12 = Configuration =

    13 

    14 After installing and enabling this module, you can put fingerprints of remote servers in your config like this:

    15 

    16 {{{

    17 s2s_auth_fingerprint_digest = "sha1" -- This is the default. Other options are "sha256" and "sha512"

    18 s2s_trusted_fingerprints = {

    19 	["jabber.org"] = "11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED";

    20 	["matthewwild.co.uk"] = {

    21 		"FD:7F:B2:B9:4C:C4:CB:E2:E7:48:FB:0D:98:11:C7:D8:4D:2A:62:AA";

    22 		"CF:F3:EC:43:A9:D5:D1:4D:D4:57:09:55:52:BC:5D:73:06:1A:A1:A0";

    23 	};

    24 }

    25 

    26 -- If you don't want to fall back to dialback, you can list the domains s2s_secure_domains too

    27 s2s_secure_domains = {

    28 	"jabber.org";

    29 }

    30 }}}

    31 

    32 = Compatibility =

    33 

    34 ||trunk||Works||

    35 ||0.9||Works||

    36 ||0.8||Doesn't work||

    37