Is there a way to get ejabberd to check a certificate revoke list upon s2s connection attempts, denying the connection if present on a revoke list?
Also is there a way to have ejabberd check an external list of SSL certs IDs or fingerprints for a listing before allowing connections?
I am looking to secure a method to enable a "ring" of trusted servers to interconnect provided they are a part of the "ring" and that their certificate is not revoked. Not sure how to approach this.
Thanks
Check s2s_host
Is there a way to get ejabberd to check a certificate revoke list upon s2s connection attempts, denying the connection if present on a revoke list?
Also is there a way to have ejabberd check an external list of SSL certs IDs or fingerprints for a listing before allowing connections?
I think such advanced features are not possible right now in ejabberd.
I am looking to secure a method to enable a "ring" of trusted servers to interconnect provided they are a part of the "ring" and that their certificate is not revoked. Not sure how to approach this.
In ejabberd 2.0.0 you can configure (EJAB-283):
{s2s_default_policy, deny}.
{{s2s_host,"goodhost1.org"}, allow}.
{{s2s_host,"goodhost2.org"}, allow}.
This way ejabberd will reject most S2S connections, and accept only the connections with goodhost1.org and goodhost2.org.
Maybe those proposed features would be interesting too for you:
Add option to require encryption in S2S connections ,
Optionally reject S2S encrypted connections when untrusted certificate
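Since ejabberd 2.0.0 cannot do the fingerprint or CRL check itself, here is an added standalone illustration (not ejabberd code) of the admission decision the question describes, combined with the host allowlist from the answer: the peer host must be listed, its certificate's SHA-256 fingerprint must be on the "ring" list, and its serial must not appear in the ring CRL. It assumes the Python `cryptography` package; the ring CA, member certificate and CRL are constructed inline as test data.

```python
# Added example, not part of ejabberd: an s2s admission check of the kind the question
# asks for. Assumes the `cryptography` package; all certificates and CRLs are constructed.
import datetime
import hashlib
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def fingerprint(cert):
    """SHA-256 over the DER encoding, the value an admin would pin in the ring list."""
    return hashlib.sha256(cert.public_bytes(serialization.Encoding.DER)).hexdigest()

def s2s_policy(host, cert, allowed_hosts, ring_fingerprints, crl, default="deny"):
    """Return 'allow' or 'deny' for an inbound s2s connection from `host`."""
    if host not in allowed_hosts:            # mirrors {s2s_default_policy, deny}
        return default
    if fingerprint(cert) not in ring_fingerprints:
        return "deny"                        # not a member of the ring
    # A real deployment would also verify the CRL signature and its next_update freshness.
    if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
        return "deny"                        # revoked by the ring CA
    return "allow"

def make_ring_fixture():
    """Constructed test data: a ring CA, one member cert, and a CRL builder."""
    now = datetime.datetime.now(datetime.timezone.utc)
    ca_key = ec.generate_private_key(ec.SECP256R1())
    ca_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "ring-ca.example")])
    member_key = ec.generate_private_key(ec.SECP256R1())
    member = (x509.CertificateBuilder()
              .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "goodhost1.org")]))
              .issuer_name(ca_name).public_key(member_key.public_key())
              .serial_number(x509.random_serial_number())
              .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=1))
              .sign(ca_key, hashes.SHA256()))

    def build_crl(revoked_serials):
        b = (x509.CertificateRevocationListBuilder().issuer_name(ca_name)
             .last_update(now).next_update(now + datetime.timedelta(days=1)))
        for s in revoked_serials:
            b = b.add_revoked_certificate(
                x509.RevokedCertificateBuilder().serial_number(s).revocation_date(now).build())
        return b.sign(ca_key, hashes.SHA256())

    return member, build_crl
```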