Mercurial > prosody-modules
comparison mod_tls_policy/mod_tls_policy.lua @ 4674:1b701f208b1b
mod_tls_policy: Switch method of checking for TLS-encrypted connection
Might deprecate 'session.encrypted', not sure if it's used anywhere
else. This is likely more compatible anyhow.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 09 Sep 2021 20:27:14 +0200 |
| parents | a43ed0d28918 |
| children |
comparison
equal
deleted
inserted
replaced
| 4673:eee7ef8eb0a2 | 4674:1b701f208b1b |
|---|---|
| 9 policy = { cipher = policy }; | 9 policy = { cipher = policy }; |
| 10 end | 10 end |
| 11 | 11 |
| 12 module:hook(event_name, function (event) | 12 module:hook(event_name, function (event) |
| 13 local origin = event.origin; | 13 local origin = event.origin; |
| 14 if origin.encrypted then | 14 if origin.conn and origin.conn:ssl() then |
| 15 local info = origin.conn:socket():info(); | 15 local info = origin.conn:socket():info(); |
| 16 for key, what in pairs(policy) do | 16 for key, what in pairs(policy) do |
| 17 module:log("debug", "Does info[%q] = %s match %s ?", key, tostring(info[key]), tostring(what)); | 17 module:log("debug", "Does info[%q] = %s match %s ?", key, tostring(info[key]), tostring(what)); |
| 18 if (type(what) == "number" and what < info[key] ) or (type(what) == "string" and not info[key]:match(what)) then | 18 if (type(what) == "number" and what < info[key] ) or (type(what) == "string" and not info[key]:match(what)) then |
| 19 origin:close({ condition = "policy-violation", text = ("TLS %s '%s' not acceptable"):format(key, tostring(info[key])) }); | 19 origin:close({ condition = "policy-violation", text = ("TLS %s '%s' not acceptable"):format(key, tostring(info[key])) }); |