comparison mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua @ 1324:853a382c9bd6

mod_turncredentials: Advertise the XEP-0215 feature (thanks Gryffus)
author Kim Alvefur <zash@zash.se>
date Fri, 28 Feb 2014 15:36:06 +0100
parents 2b62a3b76d76
children b21236b6b8d8
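--- a/mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua
+++ b/mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua
@@ -3,10 +3,11 @@
 
 module:set_global();
 
 local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1");
 local must_match = module:get_option_boolean("s2s_pin_fingerprints", false);
+local tofu = module:get_option_boolean("s2s_tofu", false);
 
 local fingerprints = {};
 
 local function hashprep(h)
 return tostring(h):lower():gsub(":","");
@@ -36,7 +37,22 @@
 return true;
 elseif must_match then
 session.cert_chain_status = "invalid";
 session.cert_identity_status = "invalid";
 end
+elseif tofu
+and ( session.cert_chain_status ~= "valid"
+or session.cert_identity_status ~= "valid" ) then
+local digest = cert and cert:digest(digest_algo);
+fingerprints[host] = {
+[digest] = true;
+}
 end
 end);
+
+function module.save()
+return { fingerprints = fingerprints };
+end
+
+function module.restore(state)
+fingerprints = state.fingerprints;
+end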
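Review bot: In the new `elseif tofu` branch, `digest` is nil when the peer presented no certificate (`cert and cert:digest(digest_algo)`), and a table constructor with a nil key raises an error, so the pin should be guarded, e.g. `if digest then fingerprints[host] = { [digest] = true }; end`. The branch records a pin precisely for sessions whose chain or identity status is not "valid", and the pin lives in the in-memory `fingerprints` table that `module.save`/`module.restore` carry across a reload; whether it survives a restart is not visible here, so a comment above the branch stating that trust assumption would help operators who enable `s2s_tofu`. `module.restore` assigns `state.fingerprints` unconditionally; `fingerprints = state.fingerprints or {};` keeps the table usable if the saved state lacks that field. The enclosing handler starts outside the hunk, so where `host` and `cert` come from cannot be checked from this page.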