Mercurial > prosody-modules
comparison mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua @ 1381:11b6170a50f7
mod_s2s_auth_fingerprint: Log current fingerprint and match status
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 05 Apr 2014 13:41:12 +0200 |
| parents | 703041357f89 |
| children | ee2cedb0f691 |
comparison
equal
deleted
inserted
replaced
| 1380:703041357f89 | 1381:11b6170a50f7 |
|---|---|
| 6 local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1"); | 6 local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1"); |
| 7 | 7 |
| 8 local fingerprints = {}; | 8 local fingerprints = {}; |
| 9 | 9 |
| 10 local function hashprep(h) | 10 local function hashprep(h) |
| 11 return tostring(h):lower():gsub(":",""); | 11 return tostring(h):gsub(":",""):lower(); |
| 12 end | |
| 13 | |
| 14 local function hashfmt(h) | |
| 15 return h:gsub("..",":%0"):sub(2):upper(); | |
| 12 end | 16 end |
| 13 | 17 |
| 14 for host, set in pairs(module:get_option("s2s_trusted_fingerprints", {})) do | 18 for host, set in pairs(module:get_option("s2s_trusted_fingerprints", {})) do |
| 15 local host_set = {} | 19 local host_set = {} |
| 16 if type(set) == "table" then -- list of fingerprints | 20 if type(set) == "table" then -- list of fingerprints |
| 28 | 32 |
| 29 local host_fingerprints = fingerprints[host]; | 33 local host_fingerprints = fingerprints[host]; |
| 30 if host_fingerprints then | 34 if host_fingerprints then |
| 31 local digest = cert and cert:digest(digest_algo); | 35 local digest = cert and cert:digest(digest_algo); |
| 32 if host_fingerprints[digest] then | 36 if host_fingerprints[digest] then |
| 37 module:log("info", "'%s' matched %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest)); | |
| 33 session.cert_chain_status = "valid"; | 38 session.cert_chain_status = "valid"; |
| 34 session.cert_identity_status = "valid"; | 39 session.cert_identity_status = "valid"; |
| 35 return true; | 40 return true; |
| 36 else | 41 else |
| 42 module:log("warn", "'%s' has unknown %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest)); | |
| 37 session.cert_chain_status = "invalid"; | 43 session.cert_chain_status = "invalid"; |
| 38 session.cert_identity_status = "invalid"; | 44 session.cert_identity_status = "invalid"; |
| 39 end | 45 end |
| 40 end | 46 end |
| 41 end); | 47 end); |