Mercurial > prosody-modules

view mod_watchuntrusted/README.markdown @ 4362:116c88c28532

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_admin_api: restructure group-related info in API - Return the members of the group right in the get_group_by_id call. This is an O(1) of extra work. - Remove the groups attribute from get_user_by_name as that is O(n) of work and rarely immediately needed. The replacement for the group membership information in the user is for now to use the group API and iterate; future work may fix that.
author Jonas Schäfer <jonas@wielicki.name>
date Wed, 20 Jan 2021 15:30:29 +0100
parents 0e78523f8c20
children
line wrap: on
line source

---
labels:
- 'Stage-Alpha'
summary: |
    Warn admins about outgoing s2s connections that are refused due to
    invalid or untrusted certificates
...

Introduction
============

Similar to mod\_watchregistrations, this module warns admins when an s2s
connection fails due for encryption or trust reasons.

The certificate shows the SHA1 hash, so it can easily be used together
with mod\_s2s\_auth\_fingerprint.

Configuration
=============

    modules_enabled = {
        -- other modules --
        "watchuntrusted",

    }

    untrusted_fail_watchers = { "admin@example.lit" }
    untrusted_fail_notification = "Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors"

  Option                          Default                                                                                                         Description
  ------------------------------- --------------------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------
  untrusted\_fail\_watchers       All admins                                                                                                      The users to send the message to
  untrusted\_fail\_notification   "Establishing a secure connection from \$from\_host to \$to\_host failed. Certificate hash: \$sha1. \$errors"   The message to send, \$from\_host, \$to\_host, \$sha1 and \$errors are replaced
  untrusted\_message\_type        `"chat"`                                                                                                        Which kind of message to send. `"normal"` or `"headline"` are other sensible options
  untrusted\_ignore\_domains      Empty                                                                                                           The domains that this module should not warn about

Compatibility
=============

  ------- -------
  trunk   Works
  ------- -------