diff options
| author | mathieui <mathieui@mathieui.net> | 2013-04-08 18:52:35 +0200 |
|---|---|---|
| committer | mathieui <mathieui@mathieui.net> | 2013-04-08 18:52:35 +0200 |
| commit | bd8d38d711e15d42ac8e797723af5242e4c3f4fb (patch) | |
| tree | d3ea6da641be1c7e67a3123071cb816933436502 /doc/en/ssl.txt | |
| parent | e5f219d43edbb4b05c8890f81f2f93b90e215a10 (diff) | |
| download | poezio-bd8d38d711e15d42ac8e797723af5242e4c3f4fb.tar.gz poezio-bd8d38d711e15d42ac8e797723af5242e4c3f4fb.tar.bz2 poezio-bd8d38d711e15d42ac8e797723af5242e4c3f4fb.tar.xz poezio-bd8d38d711e15d42ac8e797723af5242e4c3f4fb.zip | |
Beginning of the migration to reST documentation
Diffstat (limited to 'doc/en/ssl.txt')
| -rw-r--r-- | doc/en/ssl.txt | 62 |
1 files changed, 0 insertions, 62 deletions
diff --git a/doc/en/ssl.txt b/doc/en/ssl.txt deleted file mode 100644 index ef7af349..00000000 --- a/doc/en/ssl.txt +++ /dev/null @@ -1,62 +0,0 @@ -SSL Management -============== - -Starting from version 0.7.5, poezio offers some options to check the validity -of a X.509 certificate. - -TOFU ----- - -The default handling method is the -link:https://en.wikipedia.org/wiki/User:Dotdotike/Trust_Upon_First_Use[TOFU/TUFU] -method. At your first connection, poezio will save the hash of the certificate -received, and will compare the received one and the first one for the next -connections. - - -If you are paranoid (or run poezio for the first time in an unsafe -environment), you can set the _certificate_ value of your config file yourself -(the hash, not colon-separated). - - -If the certificate is not the same, poezio will show an error message and wait -for confirmation: - -image:../images/ssl_warning.png["Warning message", title="Warning message"] - -If you press y, the change is validated an poezio will match the next certs -with the accepted one. - -If you press n, you will get the confirmation that the change has been -refused, and you will be disconnected. - -CA-Based --------- - -If you are connecting to a large server that has several front-facing -endpoints, you might be bothered by having to validate the change each time, -and you may want to check only if it the same authority delivered the -certificate. - -You can then set the _ca_cert_path_ option to the path of a file containing -the validation chain in link:https://tools.ietf.org/html/rfc1422.html[PEM -format] ; those certificates are usually in /usr/share/ca-certificates/ but it -may vary depending of your distribution. - -If the authority does not match when connecting, you should be disconnected. - -None ----- - -If you do not want to bother with certificate validation at all (which can be -the case when you run poezio on the same computer as your jabber server), you -can set the _ignore_certificate_ value to true, and let the _ca_cert_path_ -option empty (or even remove it). - - - - - - - - |