comparison mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua @ 1325:b21236b6b8d8
Backed out changeset 853a382c9bd6
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 28 Feb 2014 15:37:55 +0100 |
parents | 853a382c9bd6 |
children | 27ffa6521d4e |
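--- a/mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua
+++ b/mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua
@@ -24,13 +24,13 @@
 module:hook("s2s-check-certificate", function(event)
 local host, session, cert = event.host, event.session, event.cert;
 if cert and cert.pubkey then
 local _, key_type, key_size = cert:pubkey();
 if key_size < ( weak_key_size[key_type] or 0 ) then
-local expires = parse_x509_datetime(cert:notafter());
-if expires > weak_key_cutoff then
-session.log("error", "%s has a %s-bit %s key valid after 31 December 2013, invalidating trust!", host, key_size, key_type);
+local issued = parse_x509_datetime(cert:notbefore());
+if issued > weak_key_cutoff then
+session.log("error", "%s has a %s-bit %s key issued after 31 December 2013, invalidating trust!", host, key_size, key_type);
 session.cert_chain_status = "invalid";
 session.cert_identity_status = "invalid";
 else
 session.log("warn", "%s has a %s-bit %s key", host, key_size, key_type);
 end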
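Review bot: The restored test on new line 30, `if issued > weak_key_cutoff then`, assumes `parse_x509_datetime(cert:notbefore())` always returns a number. The helper is defined outside this hunk, but if it can return nil for a date string it does not recognise, the comparison raises inside the hook and neither branch runs, on a certificate supplied by the remote server. Failing closed would be safer, e.g. `if not issued or issued > weak_key_cutoff then`; the same concern applies to `key_size` on line 28 if `cert:pubkey()` can return without a size. The log text on line 31 also hard-codes "31 December 2013" while the test uses `weak_key_cutoff`, so the two can drift apart. A short comment at the check should note that notBefore is an issuer-asserted date and that weak keys issued before the cutoff only produce a warning. The hook function's closing lines are outside the hunk.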