Open duckspike opened 6 years ago
What is the purpose of this?
1: If the server is not configured to require client certificates, they could easily deconfigure the certificate from their client and evade the ban. A channel ban makes more sense, since the client certificate in question may give access to other parts of network (for example OP in other channels) and thus deconfiguring the certificate will deprive the access from those channels.
2: If the server is configured to require certificates (mandatory client certificates), just revoking the certificate in CRL will do the trick.
As the title suggests, I am presently looking for a way to ban users from the server/network based on their client certificate fingerprint. There is already a way to do this with extbans on a channel level.