comparison mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1412:d85695be0441

Backout 33f132c3f4b7 until 0.10
author Kim Alvefur <zash@zash.se>
date Thu, 15 May 2014 11:12:31 +0200
parents 8626abe100e2
children 48141957f719
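--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua
@@ -20,24 +20,32 @@
 local type = type;
 local t_insert = table.insert;
 local set = require"util.set";
 local dns_lookup = require"net.adns".lookup;
 local hashes = require"util.hashes";
+local base64 = require"util.encodings".base64;
 local idna_to_ascii = require "util.encodings".idna.to_ascii;
 local idna_to_unicode = require"util.encodings".idna.to_unicode;
 local nameprep = require"util.encodings".stringprep.nameprep;
 local cert_verify_identity = require "util.x509".verify_identity;
-local pem2der = require"util.x509".pem2der;
 
 do
 local net_dns = require"net.dns";
 if not net_dns.types or not net_dns.types[52] then
 module:log("error", "No TLSA support available, DANE will not be supported");
 return
 end
 end
 
+local pat = "%-%-%-%-%-BEGIN ([A-Z ]+)%-%-%-%-%-\r?\n"..
+"([0-9A-Za-z=+/\r\n]*)\r?\n%-%-%-%-%-END %1%-%-%-%-%-";
+local function pem2der(pem)
+local typ, data = pem:match(pat);
+if typ and data then
+return base64.decode(data), typ;
+end
+end
 local use_map = { ["DANE-EE"] = 3; ["DANE-TA"] = 2; ["PKIX-EE"] = 1; ["PKIX-CA"] = 0 }
 
 local implemented_uses = set.new { "DANE-EE", "PKIX-EE" };
 if debug.getregistry()["SSL:Certificate"].__index.issued then
 -- Need cert:issued() for these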
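Review bot: The re-added local `pem2der` returns nothing when `pem:match(pat)` fails, and it hands back `typ` with no check in this hunk that the block is actually a certificate; its callers lie outside the hunk and need to treat a nil result as a TLSA non-match rather than passing it on to a hash. A short comment above the function would pin that contract, for example `-- Returns DER bytes and the PEM label, or nil if no well-formed PEM block is found`. The pattern is also unanchored, so only the first block of a multi-block input is decoded; that is presumably fine for a single certificate's PEM but worth stating in the same comment. Since the commit title suggests this copy is temporary, a line such as `-- TODO: switch back to util.x509.pem2der once 0.10 is required` would keep the duplicate from outliving its purpose.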