[ejabberd] Does ejabberd support verify_peer on c2s ports

cao.xu cao.xu at rytong.net
Wed Jan 8 15:26:51 MSK 2014


Hi

	I want my ejabberd server to verify peers’ certificate file when configured as starttls, but I found ejabberd didn’t support the verify_peer option in the configuration of c2s. And the source code also proves that(from ejabberd_c2s.erl):

    TLSOpts = [verify_none | TLSOpts1],
    IP = peerip(SockMod, Socket),
    %% Check if IP is blacklisted:                                                                                                                                                   
    case is_ip_blacklisted(IP) of
        true ->
            ?INFO_MSG("Connection attempt from blacklisted IP: ~s (~w)",
                      [jlib:ip_to_list(IP), IP]),
            {stop, normal};
        false ->
            Socket1 =
                if
                    TLSEnabled ->
                        SockMod:starttls(Socket, TLSOpts);
                    true ->
                        Socket

So my question is, does ejabberd support verify_peer now, or dose the tls module support the verify_peer option?

B.R.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20140108/f5bc42b2/attachment.html>


More information about the ejabberd mailing list