Mercurial > prosody-modules
comparison mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua @ 1324:853a382c9bd6
mod_turncredentials: Advertise the XEP-0215 feature (thanks Gryffus)
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 28 Feb 2014 15:36:06 +0100 |
| parents | fc42f8484451 |
| children | b21236b6b8d8 |
comparison
equal
deleted
inserted
replaced
| 1323:c84ff82658cb | 1324:853a382c9bd6 |
|---|---|
| 24 module:hook("s2s-check-certificate", function(event) | 24 module:hook("s2s-check-certificate", function(event) |
| 25 local host, session, cert = event.host, event.session, event.cert; | 25 local host, session, cert = event.host, event.session, event.cert; |
| 26 if cert and cert.pubkey then | 26 if cert and cert.pubkey then |
| 27 local _, key_type, key_size = cert:pubkey(); | 27 local _, key_type, key_size = cert:pubkey(); |
| 28 if key_size < ( weak_key_size[key_type] or 0 ) then | 28 if key_size < ( weak_key_size[key_type] or 0 ) then |
| 29 local issued = parse_x509_datetime(cert:notbefore()); | 29 local expires = parse_x509_datetime(cert:notafter()); |
| 30 if issued > weak_key_cutoff then | 30 if expires > weak_key_cutoff then |
| 31 session.log("error", "%s has a %s-bit %s key issued after 31 December 2013, invalidating trust!", host, key_size, key_type); | 31 session.log("error", "%s has a %s-bit %s key valid after 31 December 2013, invalidating trust!", host, key_size, key_type); |
| 32 session.cert_chain_status = "invalid"; | 32 session.cert_chain_status = "invalid"; |
| 33 session.cert_identity_status = "invalid"; | 33 session.cert_identity_status = "invalid"; |
| 34 else | 34 else |
| 35 session.log("warn", "%s has a %s-bit %s key", host, key_size, key_type); | 35 session.log("warn", "%s has a %s-bit %s key", host, key_size, key_type); |
| 36 end | 36 end |