Prosody currently sets a flag to make LuaSec validate client certificates as if they were server certificates, due to proper client certificates being unavailable from some previously popular CA in the past. We might not need it anymore.
Zash
Let's Encrypt, the only CA, has announced that they will stop setting the client certificate purpose, so we will still need that flag to treat remote servers' certificates as server certificates on incoming connections.
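The purpose check discussed above, as an added example that is not part of the original issue thread: a constructed throwaway CA issues a certificate whose extended key usage lists only serverAuth, and OpenSSL (which LuaSec builds on) rejects it for the `sslclient` purpose while accepting it for `sslserver`. All file and subject names are made up, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: constructed throwaway CA and leaf certificate; all names are made up.

# Build a demo CA plus a leaf certificate whose EKU lists serverAuth only.
make_demo_chain() {
    dir=$1
    cat > "$dir/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = demo.invalid
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[leaf_ext]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -config "$dir/demo.cnf" -extensions ca_ext \
        -subj "/CN=Demo CA" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -new -config "$dir/demo.cnf" -subj "/CN=remote.example" \
        -newkey rsa:2048 -nodes -keyout "$dir/leaf.key" \
        -out "$dir/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
        -extfile "$dir/demo.cnf" -extensions leaf_ext \
        -out "$dir/leaf.pem" 2>/dev/null
}

# Return 0 if the leaf verifies for the given OpenSSL purpose (sslclient or sslserver).
verify_as() {
    openssl verify -CAfile "$2/ca.pem" -purpose "$1" "$2/leaf.pem" >/dev/null 2>&1
}

# Stand-alone run: print how the same certificate fares under each purpose.
demo_dir=$(mktemp -d)
make_demo_chain "$demo_dir"
for purpose in sslclient sslserver; do
    if verify_as "$purpose" "$demo_dir"; then result=accepted; else result=rejected; fi
    echo "$purpose: $result"
done
```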