Mercurial > prosody-modules
comparison mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua @ 1325:b21236b6b8d8
Backed out changeset 853a382c9bd6
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 28 Feb 2014 15:37:55 +0100 |
| parents | 853a382c9bd6 |
| children | 703041357f89 |
comparison
equal
deleted
inserted
replaced
| 1324:853a382c9bd6 | 1325:b21236b6b8d8 |
|---|---|
| 3 | 3 |
| 4 module:set_global(); | 4 module:set_global(); |
| 5 | 5 |
| 6 local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1"); | 6 local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1"); |
| 7 local must_match = module:get_option_boolean("s2s_pin_fingerprints", false); | 7 local must_match = module:get_option_boolean("s2s_pin_fingerprints", false); |
| 8 local tofu = module:get_option_boolean("s2s_tofu", false); | |
| 9 | 8 |
| 10 local fingerprints = {}; | 9 local fingerprints = {}; |
| 11 | 10 |
| 12 local function hashprep(h) | 11 local function hashprep(h) |
| 13 return tostring(h):lower():gsub(":",""); | 12 return tostring(h):lower():gsub(":",""); |
| 37 return true; | 36 return true; |
| 38 elseif must_match then | 37 elseif must_match then |
| 39 session.cert_chain_status = "invalid"; | 38 session.cert_chain_status = "invalid"; |
| 40 session.cert_identity_status = "invalid"; | 39 session.cert_identity_status = "invalid"; |
| 41 end | 40 end |
| 42 elseif tofu | |
| 43 and ( session.cert_chain_status ~= "valid" | |
| 44 or session.cert_identity_status ~= "valid" ) then | |
| 45 local digest = cert and cert:digest(digest_algo); | |
| 46 fingerprints[host] = { | |
| 47 [digest] = true; | |
| 48 } | |
| 49 end | 41 end |
| 50 end); | 42 end); |
| 51 | |
| 52 function module.save() | |
| 53 return { fingerprints = fingerprints }; | |
| 54 end | |
| 55 | |
| 56 function module.restore(state) | |
| 57 fingerprints = state.fingerprints; | |
| 58 end |