author | Kim Alvefur <zash@zash.se> |
Sun, 13 Sep 2015 15:45:40 +0200 | |
changeset 1848 | 04e168063fc7 |
parent 1814 | 2905137cf541 |
child 2880 | ea6b5321db50 |
permissions | -rw-r--r-- |
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
1 |
--- |
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
2 |
summary: Log certificate status and fingerprint of remote servers |
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
3 |
... |
1786 | 4 |
|
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
5 |
Introduction |
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
6 |
============ |
1786 | 7 |
|
8 |
This module produces info level log messages with the certificate status |
|
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
9 |
and fingerprint every time an s2s connection is established. It can also |
1786 | 10 |
optionally store this in persistant storage. |
11 |
||
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
12 |
**info** jabber.org has a trusted valid certificate with SHA1: |
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
13 |
11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED |
1786 | 14 |
|
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
15 |
Fingerprints could then be added to |
1814
2905137cf541
mod_s2s_log_certs/README: Fix link
Kim Alvefur <zash@zash.se>
parents:
1807
diff
changeset
|
16 |
[mod\_s2s\_auth\_fingerprint](mod_s2s_auth_fingerprint.html). |
1786 | 17 |
|
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
18 |
Configuration |
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
19 |
============= |
1786 | 20 |
|
21 |
Add the module to the `modules_enabled` list. |
|
22 |
||
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
23 |
modules_enabled = { |
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
24 |
... |
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
25 |
"s2s_log_certs"; |
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
26 |
} |
1786 | 27 |
|
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
28 |
If you want to keep track of how many times, and when a certificate is |
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
29 |
seen add |
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
30 |
|
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
31 |
`s2s_log_certs_persist = true` |
1786 | 32 |
|
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
33 |
Compatibility |
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
34 |
============= |
1786 | 35 |
|
1807
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
36 |
------- -------------- |
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
37 |
trunk Works |
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
38 |
0.10 Works |
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
39 |
0.9 Works |
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
40 |
0.8 Doesn't work |
4d73a1a6ba68
Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents:
1791
diff
changeset
|
41 |
------- -------------- |