Mercurial > prosody-modules
comparison mod_client_certs/mod_client_certs.lua @ 1096:1abb8f2a5761
mod_client_certs: Update for x509 API in LuaSec 0.5
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 30 Jun 2013 01:12:24 +0200 |
parents | 17ba2c59d661 |
children | 7dbde05b48a9 |
comparison
equal
deleted
inserted
replaced
1095:cb21928bca1d | 1096:1abb8f2a5761 |
---|---|
41 module:log("debug", "This certificate is already expired."); | 41 module:log("debug", "This certificate is already expired."); |
42 return nil, "This certificate is expired."; | 42 return nil, "This certificate is expired."; |
43 end | 43 end |
44 --]] | 44 --]] |
45 | 45 |
46 if not cert:valid_at(os.time()) then | 46 if not cert:validat(os.time()) then |
47 module:log("debug", "This certificate is not valid at this moment."); | 47 module:log("debug", "This certificate is not valid at this moment."); |
48 end | 48 end |
49 | 49 |
50 local valid_id_on_xmppAddrs; | 50 local valid_id_on_xmppAddrs; |
51 local require_id_on_xmppAddr = true; | 51 local require_id_on_xmppAddr = true; |
142 end | 142 end |
143 | 143 |
144 local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil; | 144 local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil; |
145 x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1"); | 145 x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1"); |
146 | 146 |
147 local cert = x509.cert_from_pem( | 147 local cert = x509.load( |
148 "-----BEGIN CERTIFICATE-----\n" | 148 "-----BEGIN CERTIFICATE-----\n" |
149 .. x509cert .. | 149 .. x509cert .. |
150 "\n-----END CERTIFICATE-----\n"); | 150 "\n-----END CERTIFICATE-----\n"); |
151 | 151 |
152 | 152 |
300 end | 300 end |
301 | 301 |
302 local name = fields.name; | 302 local name = fields.name; |
303 local x509cert = fields.cert:gsub("^%s*(.-)%s*$", "%1"); | 303 local x509cert = fields.cert:gsub("^%s*(.-)%s*$", "%1"); |
304 | 304 |
305 local cert = x509.cert_from_pem( | 305 local cert = x509.load( |
306 "-----BEGIN CERTIFICATE-----\n" | 306 "-----BEGIN CERTIFICATE-----\n" |
307 .. x509cert .. | 307 .. x509cert .. |
308 "\n-----END CERTIFICATE-----\n"); | 308 "\n-----END CERTIFICATE-----\n"); |
309 | 309 |
310 if not cert then | 310 if not cert then |
353 if not cert then | 353 if not cert then |
354 module:log("error", "No Client Certificate"); | 354 module:log("error", "No Client Certificate"); |
355 return | 355 return |
356 end | 356 end |
357 module:log("info", "Client Certificate: %s", cert:digest(digest_algo)); | 357 module:log("info", "Client Certificate: %s", cert:digest(digest_algo)); |
358 if not cert:valid_at(now()) then | 358 if not cert:validat(now()) then |
359 module:log("debug", "Client has an expired certificate", cert:digest(digest_algo)); | 359 module:log("debug", "Client has an expired certificate", cert:digest(digest_algo)); |
360 return | 360 return |
361 end | 361 end |
362 module:log("debug", "Stream features:\n%s", tostring(features)); | 362 module:log("debug", "Stream features:\n%s", tostring(features)); |
363 local mechs = features:get_child("mechanisms", "urn:ietf:params:xml:ns:xmpp-sasl"); | 363 local mechs = features:get_child("mechanisms", "urn:ietf:params:xml:ns:xmpp-sasl"); |