Similar to mod_watchregistrations, this module warns admins when an s2s connection fails due for encryption or trust reasons.
The certificate shows the SHA1 hash, so it can easily be used together with mod_s2s_auth_fingerprint.
modules_enabled = {
-- other modules --
"watchuntrusted",
}
untrusted_fail_watchers = { "[email protected]" }
untrusted_fail_notification = "Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors"
Option | Default | Description |
---|---|---|
untrusted_fail_watchers | All admins | The users to send the message to |
untrusted_fail_notification | “Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors” | The message to send, $from_host, $to_host, $sha1 and $errors are replaced |
untrusted_message_type | "chat" |
Which kind of message to send.
"normal" or "headline" are other sensible
options |
untrusted_ignore_domains | Empty | The domains that this module should not warn about |
trunk | Works |
With the plugin installer in Prosody 0.12 you can use:
sudo prosodyctl install --server=https://modules.prosody.im/rocks/ mod_watchuntrusted
For earlier versions see the documentation for installing 3rd party modules