infrastructure/mox
1
0
Fork 0
mirror of https://github.com/mjl-/mox.git synced 2025-07-10 07:54:40 +03:00
Code Issues Packages Projects Releases Wiki Activity

when suggesting CAA records for a domain, suggest variants that bind to the account id and with validation methods used by mox

Browse Source 
should prevent potential mitm attacks. especially when done close to the
machine itself (where a http/tls challenge is intercepted to get a valid
certificate), as seen on the internet last month.
This commit is contained in:
Mechiel Lukkien
2023-12-21 15:16:30 +01:00
parent ca97293cb2
commit db3fef4981
11 changed files with 123 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
config/doc.go
View File

@ -96,6 +96,11 @@ describe-static" and "mox config describe-domains":
# configuring port forwarding. (optional)
Port: 0
# If set, used for suggested CAA DNS records, for restricting TLS certificate
# issuance to a Certificate Authority. If empty and DirectyURL is for Let's
# Encrypt, this value is set automatically to letsencrypt.org. (optional)
IssuerDomainName:
# File containing hash of admin password, for authentication in the web admin
# pages (if enabled). (optional)
AdminPasswordFile: