view mod_watchuntrusted/README.markdown @ 1880:a7c1f1b6ef05

mod_checkcerts: Improve error handling when loading certificate
author Kim Alvefur <>
date Tue, 29 Sep 2015 14:56:46 +0200
parents 4d73a1a6ba68
children ec671ad1a8a9

labels:
- 'Stage-Alpha'
summary: |
    Warn admins about outgoing s2s connections that are refused due to
    invalid or untrusted certificates


Similar to mod\_watchregistrations, this module warns admins when an
outgoing s2s connection fails for encryption or trust reasons.

The notification includes the SHA1 hash of the certificate, so it can
easily be used together with mod\_s2s\_auth\_fingerprint.


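    modules_enabled = {
        -- other modules --
        "watchuntrusted", -- load this module
    }

    -- JIDs that receive the warning (default: all admins)
    untrusted_fail_watchers = { "admin@example.lit" }
    -- Message template; $from_host, $to_host, $sha1 and $errors are replaced
    untrusted_fail_notification = "Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors"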

  Option                          Default                                                                                                         Description
  ------------------------------- --------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------
  untrusted\_fail\_watchers       All admins                                                                                                      The users to send the message to
  untrusted\_fail\_notification   "Establishing a secure connection from \$from\_host to \$to\_host failed. Certificate hash: \$sha1. \$errors"   The message to send; \$from\_host, \$to\_host, \$sha1 and \$errors are replaced
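
As an added example (not part of the module or its README): before a reported hash is used with mod\_s2s\_auth\_fingerprint, an admin can check it against a copy of the remote certificate obtained out of band. The sketch assumes the default message template and that `$sha1` is the hex SHA1 of the DER-encoded certificate; the host names, error text and certificate bytes are constructed.

```python
import base64, hashlib, hmac, re

# Regex form of the default untrusted_fail_notification template shown above.
NOTIFICATION_RE = re.compile(
    r"Establishing a secure connection from (?P<from_host>\S+) to (?P<to_host>\S+)"
    r" failed\. Certificate hash: (?P<sha1>[0-9A-Fa-f:]+)\. ?(?P<errors>.*)", re.S)
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def normalize_fp(fp):
    """Lowercase hex, colons stripped; anything but 20 bytes is rejected."""
    hexed = fp.replace(":", "").lower()
    if not re.fullmatch(r"[0-9a-f]{40}", hexed):
        raise ValueError("not a SHA1 fingerprint: %r" % fp)
    return hexed

def pem_sha1(pem):
    """SHA1 over the DER bytes of the first certificate in a PEM string."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no certificate block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    return hashlib.sha1(der).hexdigest()

def check_notification(message, pem):
    """Parse a notification and compare its hash with our copy of the cert."""
    m = NOTIFICATION_RE.search(message)
    if not m:
        raise ValueError("message does not match the default template")
    fields = m.groupdict()
    fields["sha1"] = normalize_fp(fields["sha1"])
    fields["errors"] = fields["errors"].strip()
    fields["matches"] = hmac.compare_digest(fields["sha1"], pem_sha1(pem))
    return fields

# Constructed sample data: placeholder bytes stand in for a DER certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real X.509 certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
_hex = hashlib.sha1(SAMPLE_DER).hexdigest().upper()
SAMPLE_FP = ":".join(_hex[i:i + 2] for i in range(0, 40, 2))
SAMPLE_MESSAGE = ("Establishing a secure connection from a.example.lit to "
                  "b.example.lit failed. Certificate hash: %s. "
                  "Certificate chain validation failed" % SAMPLE_FP)

if __name__ == "__main__":
    print(check_notification(SAMPLE_MESSAGE, SAMPLE_PEM))
```

A `matches` value of `False` means the certificate the server saw is not the one on file, so the hash should not be trusted without further checking.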


  ------- -------
  trunk   Works
  ------- -------