Mercurial > prosody-modules
annotate mod_sslv3_warn/mod_sslv3_warn.lua @ 5255:001c8fdc91a4
mod_http_oauth2: Add support for the "openid" scope
This "openid" scope is there to signal access to the userinfo endpoint,
which is needed for OIDC support.
We don't actually check this later because the userinfo endpoint only
returns info embedded in the token itself, but in the future we may want
to check this more carefully.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 16 Mar 2023 17:06:35 +0100 |
| parents | 37cef218ba20 |
| children |
| rev | line source |
|---|---|
|
1525
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 local st = require"util.stanza"; |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 local host = module.host; |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 local warning_message = module:get_option_string("sslv3_warning", "Your connection is encrypted using the SSL 3.0 protocol, which has been demonstrated to be insecure and will be disabled soon. Please upgrade your client."); |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 module:hook("resource-bind", function (event) |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 local session = event.session; |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 module:log("debug", "mod_%s sees that %s logged in", module.name, session.username); |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 local ok, protocol = pcall(function(session) |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 return session.conn:socket():info"protocol"; |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 end, session); |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 if not ok then |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 module:log("debug", protocol); |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 elseif protocol == "SSLv3" then |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 module:add_timer(15, function () |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 if session.type == "c2s" and session.resource then |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 session.send(st.message({ from = host, type = "headline", to = session.full_jid }, warning_message)); |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 end |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 end); |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 end |
|
37cef218ba20
mod_sslv3_warn: Module to notice users connected with SSLv3 that they need to upgrade becasue SSLv3 is insecure
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 end); |