Mercurial > prosody-modules

comparison mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua @ 1380:703041357f89

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_s2s_auth_fingerprint: Allways pin fingerprints
author Kim Alvefur <zash@zash.se>
date Sat, 05 Apr 2014 13:40:13 +0200
parents b21236b6b8d8
children 11b6170a50f7
comparison
equal deleted inserted replaced
1379:403d5cd924eb 1380:703041357f89
1 -- Copyright (C) 2013 Kim Alvefur 1 -- Copyright (C) 2013-2014 Kim Alvefur
2 -- This file is MIT/X11 licensed. 2 -- This file is MIT/X11 licensed.
3 3
4 module:set_global(); 4 module:set_global();
5 5
6 local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1"); 6 local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1");
7 local must_match = module:get_option_boolean("s2s_pin_fingerprints", false);
8 7
9 local fingerprints = {}; 8 local fingerprints = {};
10 9
11 local function hashprep(h) 10 local function hashprep(h)
12 return tostring(h):lower():gsub(":",""); 11 return tostring(h):lower():gsub(":","");
32 local digest = cert and cert:digest(digest_algo); 31 local digest = cert and cert:digest(digest_algo);
33 if host_fingerprints[digest] then 32 if host_fingerprints[digest] then
34 session.cert_chain_status = "valid"; 33 session.cert_chain_status = "valid";
35 session.cert_identity_status = "valid"; 34 session.cert_identity_status = "valid";
36 return true; 35 return true;
37 elseif must_match then 36 else
38 session.cert_chain_status = "invalid"; 37 session.cert_chain_status = "invalid";
39 session.cert_identity_status = "invalid"; 38 session.cert_identity_status = "invalid";
40 end 39 end
41 end 40 end
42 end); 41 end);