Mercurial > prosody-modules
comparison mod_tls_policy/mod_tls_policy.lua @ 1615:d0fd8a29b724
mod_tls_policy: Include which part of the cipher that did not match the policy in stream error
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 23 Feb 2015 15:45:11 +0100 |
| parents | c5ca63ac0e1b |
| children | a43ed0d28918 |
comparison
equal
deleted
inserted
replaced
| 1614:79adec50b24d | 1615:d0fd8a29b724 |
|---|---|
| 14 if origin.encrypted then | 14 if origin.encrypted then |
| 15 local info = origin.conn:socket():info(); | 15 local info = origin.conn:socket():info(); |
| 16 for key, what in pairs(policy) do | 16 for key, what in pairs(policy) do |
| 17 module:log("debug", "Does info[%q] = %s match %s ?", key, tostring(info[key]), tostring(what)); | 17 module:log("debug", "Does info[%q] = %s match %s ?", key, tostring(info[key]), tostring(what)); |
| 18 if (type(what) == "number" and what < info[key] ) or (type(what) == "string" and not info[key]:match(what)) then | 18 if (type(what) == "number" and what < info[key] ) or (type(what) == "string" and not info[key]:match(what)) then |
| 19 origin:close({ condition = "policy-violation", text = "Cipher not acceptable" }); | 19 origin:close({ condition = "policy-violation", text = ("TLS %s '%s' not acceptable"):format(key, tostring(info[key])) }); |
| 20 return false; | 20 return false; |
| 21 end | 21 end |
| 22 module:log("debug", "Seems so"); | 22 module:log("debug", "Seems so"); |
| 23 end | 23 end |
| 24 module:log("debug", "Policy matches"); | 24 module:log("debug", "Policy matches"); |