mod_watchuntrusted

Introduction

Similar to mod_watchregistrations, this module warns admins when an s2s connection fails due for encryption or trust reasons.

The certificate shows the SHA1 hash, so it can easily be used together with mod_s2s_auth_fingerprint.

Configuration

modules_enabled = {
    -- other modules --
    "watchuntrusted",

}

untrusted_fail_watchers = { "[email protected]" }
untrusted_fail_notification = "Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors"
Option Default Description
untrusted_fail_watchers All admins The users to send the message to
untrusted_fail_notification “Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors” The message to send, $from_host, $to_host, $sha1 and $errors are replaced
untrusted_message_type "chat" Which kind of message to send. "normal" or "headline" are other sensible options
untrusted_ignore_domains Empty The domains that this module should not warn about

Compatibility

trunk Works

Installation

With the plugin installer in Prosody 0.12 you can use:

sudo prosodyctl install --server=https://modules.prosody.im/rocks/ mod_watchuntrusted

For earlier versions see the documentation for installing 3rd party modules