Mercurial > prosody-modules
view mod_watchuntrusted/README.markdown @ 4293:edde5905744a
mod_s2s_keepalive: Don't send whitespace keepalives before s2sin stream is open
Could possibly result in whitespace before the XML and stream header,
which isn't allowed by the parser.
Don't think s2sout is affected, as the stream is opened early and
doesn't have to wait for the other end.
Thanks Ge0rG
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 10 Dec 2020 11:57:03 +0100 |
| parents | 0e78523f8c20 |
| children |
line wrap: on
line source
--- labels: - 'Stage-Alpha' summary: | Warn admins about outgoing s2s connections that are refused due to invalid or untrusted certificates ... Introduction ============ Similar to mod\_watchregistrations, this module warns admins when an s2s connection fails due for encryption or trust reasons. The certificate shows the SHA1 hash, so it can easily be used together with mod\_s2s\_auth\_fingerprint. Configuration ============= modules_enabled = { -- other modules -- "watchuntrusted", } untrusted_fail_watchers = { "admin@example.lit" } untrusted_fail_notification = "Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors" Option Default Description ------------------------------- --------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------- untrusted\_fail\_watchers All admins The users to send the message to untrusted\_fail\_notification "Establishing a secure connection from \$from\_host to \$to\_host failed. Certificate hash: \$sha1. \$errors" The message to send, \$from\_host, \$to\_host, \$sha1 and \$errors are replaced untrusted\_message\_type `"chat"` Which kind of message to send. `"normal"` or `"headline"` are other sensible options untrusted\_ignore\_domains Empty The domains that this module should not warn about Compatibility ============= ------- ------- trunk Works ------- -------