Mercurial > prosody-modules
view mod_s2s_log_certs/README.markdown @ 5404:1087f697c3f3
mod_http_oauth2: Strip unknown extra fields from client registration
We shouldn't sign things we don't understand!
RFC 7591 section-2 states:
> The authorization server MUST ignore any client metadata sent by the
> client that it does not understand (for instance, by silently removing
> unknown metadata from the client's registration record during
> processing).
Prevents grandfathering in of unvalidated data that might become used
later, especially since the 'additionalProperties' schema keyword was
removed in 698fef74ce53
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 02 May 2023 16:23:40 +0200 |
| parents | ea6b5321db50 |
| children |
line wrap: on
line source
--- summary: Log certificate status and fingerprint of remote servers ... Introduction ============ This module produces info level log messages with the certificate status and fingerprint every time an s2s connection is established. It can also optionally store this in persistent storage. **info** jabber.org has a trusted valid certificate with SHA1: 11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED Fingerprints could then be added to [mod\_s2s\_auth\_fingerprint](mod_s2s_auth_fingerprint.html). Configuration ============= Add the module to the `modules_enabled` list. modules_enabled = { ... "s2s_log_certs"; } If you want to keep track of how many times, and when a certificate is seen add `s2s_log_certs_persist = true` Compatibility ============= ------- -------------- trunk Works 0.10 Works 0.9 Works 0.8 Doesn't work ------- --------------