Mercurial > prosody-modules

diff mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua @ 1325:b21236b6b8d8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Backed out changeset 853a382c9bd6
author Kim Alvefur <zash@zash.se>
date Fri, 28 Feb 2014 15:37:55 +0100
parents 853a382c9bd6
children 27ffa6521d4e
line wrap: on
line diff
--- a/mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua	Fri Feb 28 15:36:06 2014 +0100
+++ b/mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua	Fri Feb 28 15:37:55 2014 +0100
@@ -26,9 +26,9 @@
 	if cert and cert.pubkey then
 		local _, key_type, key_size = cert:pubkey();
 		if key_size < ( weak_key_size[key_type] or 0 ) then
-			local expires = parse_x509_datetime(cert:notafter());
-			if expires > weak_key_cutoff then
-				session.log("error", "%s has a %s-bit %s key valid after 31 December 2013, invalidating trust!", host, key_size, key_type);
+			local issued = parse_x509_datetime(cert:notbefore());
+			if issued > weak_key_cutoff then
+				session.log("error", "%s has a %s-bit %s key issued after 31 December 2013, invalidating trust!", host, key_size, key_type);
 				session.cert_chain_status = "invalid";
 				session.cert_identity_status = "invalid";
 			else