Mercurial > prosody-modules
view mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua @ 4298:020dd0a59f1f
mod_muc_markers: Add option for @id rewriting, default off (may break some clients)
XEP-0333 was updated to clarify that stanza-id should be used
instead of the 'id' attribute when in a MUC. Some clients still
use the id attribute, which is why we were rewriting it.
Rewriting is bad because mod_muc advertises stable_id, indicating
that Prosody does *not* rewrite ids. Recent versions of Conversations
actually depend on this being true.
All clients should migrate to using stanza-id for markers. See XEP-0333.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 14 Dec 2020 12:09:25 +0000 |
| parents | ee2cedb0f691 |
| children |
line wrap: on
line source
-- Copyright (C) 2013-2014 Kim Alvefur -- This file is MIT/X11 licensed. module:set_global(); local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1"); local fingerprints = {}; local function hashprep(h) return tostring(h):gsub(":",""):lower(); end local function hashfmt(h) return h:gsub("..","%0:", #h/2-1):upper(); end for host, set in pairs(module:get_option("s2s_trusted_fingerprints", {})) do local host_set = {} if type(set) == "table" then -- list of fingerprints for i=1,#set do host_set[hashprep(set[i])] = true; end else -- assume single fingerprint host_set[hashprep(set)] = true; end fingerprints[host] = host_set; end module:hook("s2s-check-certificate", function(event) local session, host, cert = event.session, event.host, event.cert; local host_fingerprints = fingerprints[host]; if host_fingerprints then local digest = cert and cert:digest(digest_algo); if host_fingerprints[digest] then module:log("info", "'%s' matched %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest)); session.cert_chain_status = "valid"; session.cert_identity_status = "valid"; return true; else module:log("warn", "'%s' has unknown %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest)); session.cert_chain_status = "invalid"; session.cert_identity_status = "invalid"; end end end);