Mercurial > prosody-modules

view mod_s2s_log_certs/README.markdown @ 5516:f25df3af02c1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_client_management: Include client software version number in listing Should you ever wish to revoke a client by version number, e.g. for security reasons affecting certain versions, then it would be good to at the very least see which version is used. Also includes the OAuth2 software ID, an optional unique identifier that should be the same for all installations of a particular software.
author Kim Alvefur <zash@zash.se>
date Sat, 03 Jun 2023 19:21:39 +0200
parents ea6b5321db50
children
line wrap: on
line source

---
summary: Log certificate status and fingerprint of remote servers
...

Introduction
============

This module produces info level log messages with the certificate status
and fingerprint every time an s2s connection is established. It can also
optionally store this in persistent storage.

**info** jabber.org has a trusted valid certificate with SHA1:
11:C2:3D:87:3F:95:F8:13:F8:CA:81:33:71:36:A7:00:E0:01:95:ED

Fingerprints could then be added to
[mod\_s2s\_auth\_fingerprint](mod_s2s_auth_fingerprint.html).

Configuration
=============

Add the module to the `modules_enabled` list.

    modules_enabled = {
        ...
        "s2s_log_certs";
    }

If you want to keep track of how many times, and when a certificate is
seen add

`s2s_log_certs_persist = true`

Compatibility
=============

  ------- --------------
  trunk   Works
  0.10    Works
  0.9     Works
  0.8     Doesn't work
  ------- --------------