core.certmanager: Do not ask for client certificates by default

Since it's mostly only mod_s2s that needs to request client certificates it makes some sense to have mod_s2s ask for this, instead of having eg mod_http ask to disable it.
author: Kim Alvefur <zash@zash.se> 2019-03-10 19:58:28 +0100
committer: Kim Alvefur <zash@zash.se> 2019-03-10 19:58:28 +0100
commit: 9f65ce71893ef10485442ee209472a38865da081 (patch)
tree: aa9153069270fcd77844f666379d2bba6a38d02f /plugins
parent: 5fb7d2d35a2c24a9152931d29d614c2aa8714c7e (diff)
download: prosody-9f65ce71893ef10485442ee209472a38865da081.tar.gz
prosody-9f65ce71893ef10485442ee209472a38865da081.zip
2 files changed, 3 insertions, 3 deletions
diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua
index 829c2d02..17ea27e1 100644
--- a/plugins/mod_http.lua
+++ b/plugins/mod_http.lua
@@ -228,9 +228,6 @@ module:provides("net", {
 	listener = server.listener;
 	default_port = 5281;
 	encryption = "ssl";
-	ssl_config = {
-		verify = "none";
-	};
 	multiplex = {
 		pattern = "^[A-Z]";
 	};
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index 79308847..b0d551fe 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -738,6 +738,9 @@ module:provides("net", {
 	listener = listener;
 	default_port = 5269;
 	encryption = "starttls";
+	ssl_config = {
+		verify = { "peer", "client_once", };
+	};
 	multiplex = {
 		pattern = "^<.*:stream.*%sxmlns%s*=%s*(['\"])jabber:server%1.*>";
 	};
author	Kim Alvefur <zash@zash.se>	2019-03-10 19:58:28 +0100
committer	Kim Alvefur <zash@zash.se>	2019-03-10 19:58:28 +0100
commit	9f65ce71893ef10485442ee209472a38865da081 (patch)
tree	aa9153069270fcd77844f666379d2bba6a38d02f /plugins
parent	5fb7d2d35a2c24a9152931d29d614c2aa8714c7e (diff)
download	prosody-9f65ce71893ef10485442ee209472a38865da081.tar.gz prosody-9f65ce71893ef10485442ee209472a38865da081.zip