Mercurial > prosody-modules
diff mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua @ 1324:853a382c9bd6
mod_turncredentials: Advertise the XEP-0215 feature (thanks Gryffus)
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 28 Feb 2014 15:36:06 +0100 |
parents | fc42f8484451 |
children | b21236b6b8d8 |
line wrap: on
line diff
--- a/mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua Wed Feb 26 13:08:47 2014 -0800 +++ b/mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua Fri Feb 28 15:36:06 2014 +0100 @@ -26,9 +26,9 @@ if cert and cert.pubkey then local _, key_type, key_size = cert:pubkey(); if key_size < ( weak_key_size[key_type] or 0 ) then - local issued = parse_x509_datetime(cert:notbefore()); - if issued > weak_key_cutoff then - session.log("error", "%s has a %s-bit %s key issued after 31 December 2013, invalidating trust!", host, key_size, key_type); + local expires = parse_x509_datetime(cert:notafter()); + if expires > weak_key_cutoff then + session.log("error", "%s has a %s-bit %s key valid after 31 December 2013, invalidating trust!", host, key_size, key_type); session.cert_chain_status = "invalid"; session.cert_identity_status = "invalid"; else