annotate mod_checkcerts/mod_checkcerts.lua @ 685:19698c5f3ab3

mod_host_guard: prevent possible traces in case there isn't a conn object on the session by adding a dummy replacement function.
author Marco Cirillo <maranda@lightwitch.org>
date Sun, 27 May 2012 04:44:24 +0000
parents ea9941812721
children 1983d4d51e1a
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
667
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 local ssl = require"ssl";
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 if not ssl.cert_from_pem then
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 module:log("error", "This version of LuaSec (%s) doesn't support certificate checking", ssl._VERSION);
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 return
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 end
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 local function check_certs_validity()
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8 local ssl_config = config.rawget(module.host, "core", "ssl");
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 if not ssl_config then
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 local base_host = module.host:match("%.(.*)");
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 ssl_config = config.get(base_host, "core", "ssl");
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 end
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 if ssl.cert_from_pem and ssl_config.certificate then
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 local certfile = ssl_config.certificate;
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 local cert;
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 local fh, err = io.open(certfile);
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 cert = fh and fh:read"*a";
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19 cert = cert and ssl.cert_from_pem(cert);
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 if not cert then return end
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 fh:close();
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 if not cert:valid_at(os.time()) then
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 module:log("warn", "The certificate %s has expired", certfile);
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 elseif not cert:valid_at(os.time()+86400*7) then
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 module:log("warn", "The certificate %s will expire this week", certfile);
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 elseif not cert:valid_at(os.time()+86400*30) then
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 module:log("info", "The certificate %s will expire later this month", certfile);
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 end
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30 end
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31 end
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 module.load = check_certs_validity;
ea9941812721 mod_checkcerts: New module that logs a warning when your cert is about to expire.
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34 module:hook_global("config-reloaded", check_certs_validity);