mirror of
https://github.com/wez/wezterm.git
synced 2024-12-28 07:55:03 +03:00
58fde836c3
refs: https://github.com/wez/wezterm/issues/63 refs: https://github.com/wez/wezterm/issues/461
68 lines
2.5 KiB
Markdown
68 lines
2.5 KiB
Markdown
# TlsDomainClient
|
|
|
|
The `TlsDomainClient` struct specifies information about how to connect
|
|
to a [TLS Domain](../../multiplexing.md#tls-domains).
|
|
|
|
It is a lua object with the following fields:
|
|
|
|
```lua
|
|
{
|
|
-- The name of this specific domain. Must be unique amongst
|
|
-- all types of domain in the configuration file.
|
|
name = "server.name",
|
|
|
|
-- If set, use ssh to connect, start the server, and obtain
|
|
-- a certificate.
|
|
-- The value is "user@host:port", just like "wezterm ssh" accepts.
|
|
bootstrap_via_ssh = "server.hostname",
|
|
|
|
-- identifies the host:port pair of the remote server.
|
|
remote_address = "server.hostname:8080",
|
|
|
|
-- the path to an x509 PEM encoded private key file.
|
|
-- Omit this if you are using `bootstrap_via_ssh`.
|
|
-- pem_private_key = "/some/path/key.pem",
|
|
|
|
-- the path to an x509 PEM encoded certificate file
|
|
-- Omit this if you are using `bootstrap_via_ssh`.
|
|
-- pem_cert = "/some/path/cert.pem",
|
|
|
|
-- the path to an x509 PEM encoded CA chain file
|
|
-- Omit this if you are using `bootstrap_via_ssh`.
|
|
-- pem_ca = "/some/path/ca.pem",
|
|
|
|
-- A set of paths to load additional CA certificates.
|
|
-- Each entry can be either the path to a directory or to a PEM encoded
|
|
-- CA file. If an entry is a directory, then its contents will be
|
|
-- loaded as CA certs and added to the trust store.
|
|
-- Omit this if you are using `bootstrap_via_ssh`.
|
|
-- pem_root_certs = { "/some/path/ca1.pem", "/some/path/ca2.pem" },
|
|
|
|
-- explicitly control whether the client checks that the certificate
|
|
-- presented by the server matches the hostname portion of
|
|
-- `remote_address`. The default is true. This option is made
|
|
-- available for troubleshooting purposes and should not be used outside
|
|
-- of a controlled environment as it weakens the security of the TLS
|
|
-- channel.
|
|
-- accept_invalid_hostnames = false,
|
|
|
|
-- the hostname string that we expect to match against the common name
|
|
-- field in the certificate presented by the server. This defaults to
|
|
-- the hostname portion of the `remote_address` configuration and you
|
|
-- should not normally need to override this value.
|
|
-- expected_cn = "other.name",
|
|
|
|
-- If true, connect to this domain automatically at startup
|
|
-- connect_automatically = false,
|
|
|
|
-- Specify an alternate read timeout
|
|
-- read_timeout = 60,
|
|
|
|
-- Specify an alternate write timeout
|
|
-- write_timeout = 60,
|
|
|
|
-- The path to the wezterm binary on the remote host
|
|
-- remote_wezterm_path = "/home/myname/bin/wezterm"
|
|
}
|
|
```
|