Mercurial > prosody-modules

view mod_s2s_auth_fingerprint/README.markdown @ 4362:116c88c28532

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_admin_api: restructure group-related info in API - Return the members of the group right in the get_group_by_id call. This is an O(1) of extra work. - Remove the groups attribute from get_user_by_name as that is O(n) of work and rarely immediately needed. The replacement for the group membership information in the user is for now to use the group API and iterate; future work may fix that.
author Jonas Schäfer <jonas@wielicki.name>
date Wed, 20 Jan 2021 15:30:29 +0100
parents 8de50be756e5
children
line wrap: on
line source

---
labels:
- 'Stage-Alpha'
- 'Type-S2SAuth'
summary: Fingerprint based s2s authentication
...

Introduction
============

This module allows you to manually pin certificate fingerprints of
remote servers.

Details
=======

Servers not listed in the configuration are not affected.

Configuration
=============

After installing and enabling this module, you can put fingerprints of
remote servers in your config like this:

``` {.lua}
s2s_auth_fingerprint_digest = "sha1" -- This is the default. Other options are "sha256" and "sha512"
s2s_trusted_fingerprints = {
    ["jabber.org"] = "11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED";
    ["matthewwild.co.uk"] = {
        "FD:7F:B2:B9:4C:C4:CB:E2:E7:48:FB:0D:98:11:C7:D8:4D:2A:62:AA";
        "CF:F3:EC:43:A9:D5:D1:4D:D4:57:09:55:52:BC:5D:73:06:1A:A1:A0";
    };
}

-- If you don't want to fall back to dialback, you can list the domains s2s_secure_domains too
s2s_secure_domains = {
    "jabber.org";
}
```

Compatibility
=============

  ------- --------------
  trunk   Works
  0.9     Works
  0.8     Doesn't work
  ------- --------------