summaryrefslogtreecommitdiff
path: root/doc/en/ssl.txt
diff options
context:
space:
mode:
authormathieui <mathieui@mathieui.net>2013-04-08 18:52:35 +0200
committermathieui <mathieui@mathieui.net>2013-04-08 18:52:35 +0200
commitbd8d38d711e15d42ac8e797723af5242e4c3f4fb (patch)
treed3ea6da641be1c7e67a3123071cb816933436502 /doc/en/ssl.txt
parente5f219d43edbb4b05c8890f81f2f93b90e215a10 (diff)
downloadpoezio-bd8d38d711e15d42ac8e797723af5242e4c3f4fb.tar.gz
poezio-bd8d38d711e15d42ac8e797723af5242e4c3f4fb.tar.bz2
poezio-bd8d38d711e15d42ac8e797723af5242e4c3f4fb.tar.xz
poezio-bd8d38d711e15d42ac8e797723af5242e4c3f4fb.zip
Beginning of the migration to reST documentation
Diffstat (limited to 'doc/en/ssl.txt')
-rw-r--r--doc/en/ssl.txt62
1 files changed, 0 insertions, 62 deletions
diff --git a/doc/en/ssl.txt b/doc/en/ssl.txt
deleted file mode 100644
index ef7af349..00000000
--- a/doc/en/ssl.txt
+++ /dev/null
@@ -1,62 +0,0 @@
-SSL Management
-==============
-
-Starting from version 0.7.5, poezio offers some options to check the validity
-of a X.509 certificate.
-
-TOFU
-----
-
-The default handling method is the
-link:https://en.wikipedia.org/wiki/User:Dotdotike/Trust_Upon_First_Use[TOFU/TUFU]
-method. At your first connection, poezio will save the hash of the certificate
-received, and will compare the received one and the first one for the next
-connections.
-
-
-If you are paranoid (or run poezio for the first time in an unsafe
-environment), you can set the _certificate_ value of your config file yourself
-(the hash, not colon-separated).
-
-
-If the certificate is not the same, poezio will show an error message and wait
-for confirmation:
-
-image:../images/ssl_warning.png["Warning message", title="Warning message"]
-
-If you press y, the change is validated an poezio will match the next certs
-with the accepted one.
-
-If you press n, you will get the confirmation that the change has been
-refused, and you will be disconnected.
-
-CA-Based
---------
-
-If you are connecting to a large server that has several front-facing
-endpoints, you might be bothered by having to validate the change each time,
-and you may want to check only if it the same authority delivered the
-certificate.
-
-You can then set the _ca_cert_path_ option to the path of a file containing
-the validation chain in link:https://tools.ietf.org/html/rfc1422.html[PEM
-format] ; those certificates are usually in /usr/share/ca-certificates/ but it
-may vary depending of your distribution.
-
-If the authority does not match when connecting, you should be disconnected.
-
-None
-----
-
-If you do not want to bother with certificate validation at all (which can be
-the case when you run poezio on the same computer as your jabber server), you
-can set the _ignore_certificate_ value to true, and let the _ca_cert_path_
-option empty (or even remove it).
-
-
-
-
-
-
-
-