<html><head><meta http-equiv="Content-Type" content="text/html charset=GB2312"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Hi<div><br></div><div><span class="Apple-tab-span" style="white-space:pre">   </span>I want my ejabberd server to verify peersí» certificate file when configured as starttls, but I found ejabberd didní»t support the verify_peer option in the configuration of c2s. And the source code also proves that(from ejabberd_c2s.erl):</div><div><br></div><div><div style="margin: 0px; font-size: 11px; font-family: Menlo;">    <span style="color: #ce7924">TLSOpts</span> = [verify_none | <span style="color: #ce7924">TLSOpts1</span>],</div><div style="margin: 0px; font-size: 11px; font-family: Menlo; color: rgb(206, 121, 36);"><span style="color: #000000">    </span>IP<span style="color: #000000"> = </span><span style="color: #35a327">peerip</span><span style="color: #000000">(</span>SockMod<span style="color: #000000">, </span>Socket<span style="color: #000000">),</span></div><div style="margin: 0px; font-size: 11px; font-family: Menlo; color: rgb(215, 57, 30);"><span style="color: #000000">    </span>%% Check if IP is blacklisted:                                                                                                                                                   </div><div style="margin: 0px; font-size: 11px; font-family: Menlo; color: rgb(53, 163, 39);"><span style="color: #000000">    </span><span style="color: #d03cff">case</span><span style="color: #000000"> </span>is_ip_blacklisted<span style="color: #000000">(</span><span style="color: #ce7924">IP</span><span style="color: #000000">) </span><span style="color: #d03cff">of</span></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;">        true -></div><div style="margin: 0px; font-size: 11px; font-family: Menlo; color: rgb(175, 55, 130);"><span style="color: #000000">            ?</span><span style="color: #34a2a1">INFO_MSG</span><span style="color: #000000">(</span>"Connection attempt from blacklisted IP: ~s (~w)"<span style="color: #000000">,</span></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;">                      [<span style="color: #35a327">jlib</span>:<span style="color: #35a327">ip_to_list</span>(<span style="color: #ce7924">IP</span>), <span style="color: #ce7924">IP</span>]),</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;">            {stop, normal};</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;">        false -></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;">            <span style="color: #ce7924">Socket1</span> =</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;">                <span style="color: #d03cff">if</span></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;">                    <span style="color: #ce7924">TLSEnabled</span> -></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;">                        <span style="color: #ce7924">SockMod</span>:<span style="color: #35a327">starttls</span>(<span style="color: #ce7924">Socket</span>, <span style="color: #ce7924">TLSOpts</span>);</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;">                    true -></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;">                        <span style="color: #ce7924">Socket</span></div></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;"><br></div><div style="margin: 0px;"><span style="font-family: Helvetica; font-size: 12px;">So my question is, does ejabberd support verify_peer now, or dose the </span>tls module support the verify_peer option?</div><div style="margin: 0px;"><br></div><div style="margin: 0px;">B.R.</div><div style="margin: 0px;"><br></div><div style="margin: 0px;"><br></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;"><br></div></body></html>