Mercurial > prosody-modules
comparison mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua @ 2424:27ffa6521d4e
mod_s2s_keysize_policy: Lower log message to a warning since it is not really a fatal error
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 19 Dec 2016 07:50:21 +0100 |
| parents | b21236b6b8d8 |
| children |
comparison
equal
deleted
inserted
replaced
| 2423:1b6027ef5191 | 2424:27ffa6521d4e |
|---|---|
| 26 if cert and cert.pubkey then | 26 if cert and cert.pubkey then |
| 27 local _, key_type, key_size = cert:pubkey(); | 27 local _, key_type, key_size = cert:pubkey(); |
| 28 if key_size < ( weak_key_size[key_type] or 0 ) then | 28 if key_size < ( weak_key_size[key_type] or 0 ) then |
| 29 local issued = parse_x509_datetime(cert:notbefore()); | 29 local issued = parse_x509_datetime(cert:notbefore()); |
| 30 if issued > weak_key_cutoff then | 30 if issued > weak_key_cutoff then |
| 31 session.log("error", "%s has a %s-bit %s key issued after 31 December 2013, invalidating trust!", host, key_size, key_type); | 31 session.log("warn", "%s has a %s-bit %s key issued after 31 December 2013, invalidating trust!", host, key_size, key_type); |
| 32 session.cert_chain_status = "invalid"; | 32 session.cert_chain_status = "invalid"; |
| 33 session.cert_identity_status = "invalid"; | 33 session.cert_identity_status = "invalid"; |
| 34 else | 34 else |
| 35 session.log("warn", "%s has a %s-bit %s key", host, key_size, key_type); | 35 session.log("warn", "%s has a %s-bit %s key", host, key_size, key_type); |
| 36 end | 36 end |