Mercurial > prosody-modules
view mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua @ 3955:017f60608fc8
mod_smacks: also count outgoing MAM messages
mod_smacks doesn't count outgoing MAM messages, which causes warnings in Prosody such as:
> The client says it handled 41 new stanzas, but we only sent 2
It seems mod_smacks is in the wrong here and that it's too strict in trying to determine what is a valid stanza to count.
In RFC6120:
> Definition of XML Stanza: An XML stanza is the basic unit of meaning
> in XMPP. A stanza is a first-level element (at depth=1 of the stream)
> whose element name is "message", "presence", or "iq" and whose
> qualifying namespace is 'jabber:client' or 'jabber:server'.
author | JC Brand <jc@opkode.com> |
---|---|
date | Thu, 26 Mar 2020 11:57:02 +0100 |
parents | ee2cedb0f691 |
children |
line wrap: on
line source
-- Copyright (C) 2013-2014 Kim Alvefur -- This file is MIT/X11 licensed. module:set_global(); local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1"); local fingerprints = {}; local function hashprep(h) return tostring(h):gsub(":",""):lower(); end local function hashfmt(h) return h:gsub("..","%0:", #h/2-1):upper(); end for host, set in pairs(module:get_option("s2s_trusted_fingerprints", {})) do local host_set = {} if type(set) == "table" then -- list of fingerprints for i=1,#set do host_set[hashprep(set[i])] = true; end else -- assume single fingerprint host_set[hashprep(set)] = true; end fingerprints[host] = host_set; end module:hook("s2s-check-certificate", function(event) local session, host, cert = event.session, event.host, event.cert; local host_fingerprints = fingerprints[host]; if host_fingerprints then local digest = cert and cert:digest(digest_algo); if host_fingerprints[digest] then module:log("info", "'%s' matched %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest)); session.cert_chain_status = "valid"; session.cert_identity_status = "valid"; return true; else module:log("warn", "'%s' has unknown %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest)); session.cert_chain_status = "invalid"; session.cert_identity_status = "invalid"; end end end);