Mercurial > prosody-modules

view mod_s2s_log_certs/README.markdown @ 5668:ecfd7aece33b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_measure_modules: Report module statuses via OpenMetrics Someone in the chat asked about a health check endpoint, which reminded me of mod_http_status, which provides access to module statuses with full details. After that, this idea came about, which seems natural. As noted in the README, it could be used to monitor that critical modules are in fact loaded correctly. As more modules use the status API, the more useful this module and mod_http_status becomes.
author Kim Alvefur <zash@zash.se>
date Fri, 06 Oct 2023 18:34:39 +0200
parents ea6b5321db50
children
line wrap: on
line source

---
summary: Log certificate status and fingerprint of remote servers
...

Introduction
============

This module produces info level log messages with the certificate status
and fingerprint every time an s2s connection is established. It can also
optionally store this in persistent storage.

**info** jabber.org has a trusted valid certificate with SHA1:
11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED

Fingerprints could then be added to
[mod\_s2s\_auth\_fingerprint](mod_s2s_auth_fingerprint.html).

Configuration
=============

Add the module to the `modules_enabled` list.

    modules_enabled = {
        ...
        "s2s_log_certs";
    }

If you want to keep track of how many times, and when a certificate is
seen add

`s2s_log_certs_persist = true`

Compatibility
=============

  ------- --------------
  trunk   Works
  0.10    Works
  0.9     Works
  0.8     Doesn't work
  ------- --------------