mod_s2s_auth_certificates

This module does certificate validation and identity checks. It is enabled by default.

Details

The chain validation heavy lifting is done in LuaSec / OpenSSL.

Certificate name validation is done by util.x509.

Configuration

The module itself has no options.

Certificate validiation is affected by TLS configuration, notably the verify and capath or cafile options.

ssl = {
    verify = { "peer", "client_once" };
    capath = "/etc/ssl/certs";
    
    -- other options --
}