Open junaidsarwar414 opened 4 years ago
Client Certificate Verification in TLS Connection
How would that be different from XEP-0178, section 2 (which is indeed supported by ejabberd)?
In XEP-0178 the certificate is used for user authentication, while I need to verify the client certificate at ejabberd for the TLS connection and log in with username and password.
For reference, the Prosody server option for client certificate verification is:
verify: A list of verification options (these mostly map to OpenSSL’s set_verify() flags). Prosody’s default is { "peer", "client_once" }.
Available verification options are:
none (no verification)
peer (verify the peer’s certificate)
client_once (do not request the client’s certificate during renegotiation)
fail_if_no_peer_cert (fail if the peer does not present a certificate)
I set TLS_verify: true in ejabberd, but it always verifies the certificate of the client. I think it's because of this function in fast_tls:

```c
static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
{
    return 1;
}
```

https://github.com/processone/fast_tls/blob/master/c_src/fast_tls.c
I need to ask whether the ejabberd Community version supports client certificate verification. I am not talking about XEP-0178. I want to enable client certificate verification in the TLS connection.
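
A small model of the OpenSSL server-side behaviour discussed in this thread, added as an example (not code from ejabberd, fast_tls or Prosody): it shows how the verify options listed above and the callback's return value together decide whether a handshake completes. The `V_*` names and all function names are hypothetical; only the bit values mirror OpenSSL's `SSL_VERIFY_*` macros.

```c
#include <stdbool.h>
#include <string.h>

/* Same bit values as OpenSSL's SSL_VERIFY_* macros in <openssl/ssl.h>. */
enum {
    V_NONE = 0x00,                 /* "none" */
    V_PEER = 0x01,                 /* "peer" */
    V_FAIL_IF_NO_PEER_CERT = 0x02, /* "fail_if_no_peer_cert" */
    V_CLIENT_ONCE = 0x04           /* "client_once" */
};

/* Translate one option name from the list above into its flag bit (-1 if unknown). */
int verify_flag(const char *name) {
    if (strcmp(name, "none") == 0) return V_NONE;
    if (strcmp(name, "peer") == 0) return V_PEER;
    if (strcmp(name, "fail_if_no_peer_cert") == 0) return V_FAIL_IF_NO_PEER_CERT;
    if (strcmp(name, "client_once") == 0) return V_CLIENT_ONCE;
    return -1;
}

/* The two callback behaviours being compared (hypothetical names). */
int cb_always_accept(int preverify_ok) { (void)preverify_ok; return 1; }
int cb_strict(int preverify_ok) { return preverify_ok; }

/*
 * Model of the server-side outcome: does the handshake complete?
 * cert_sent:   the client presented a certificate
 * chain_valid: that certificate validated against the trusted CAs
 */
bool handshake_completes(int flags, bool cert_sent, bool chain_valid,
                         int (*cb)(int preverify_ok)) {
    if (!(flags & V_PEER))
        return true;                       /* no certificate is requested */
    if (!cert_sent)                        /* optional unless explicitly required */
        return !(flags & V_FAIL_IF_NO_PEER_CERT);
    return cb(chain_valid ? 1 : 0) != 0;   /* callback has the final say */
}

/* Post-handshake check needed when the callback always returns 1
 * (the role SSL_get_verify_result() plays in real OpenSSL code). */
bool client_cert_trusted(bool cert_sent, bool chain_valid) {
    return cert_sent && chain_valid;
}
```

In this model, a callback that always returns 1 lets the handshake finish even when the chain is invalid, so rejection has to happen afterwards by checking the stored verification result.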