Mercurial > prosody-modules
view mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua @ 5119:048e339706ba
mod_rest: Remove manual reference expansion in schema
This hack was originally added to reduce the number of definitions of
common attributes (type, to, from etc) and payloads (e.g. delay). This
predated pointers and references, and until now was needed because
parsing picked out the correct stanza kind from the schema, which broke
internal references.
Removing this hack paves the way for allowing the schema to be
configured or customized more easily.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 20 Dec 2022 21:48:28 +0100 |
| parents | ee2cedb0f691 |
| children |
line wrap: on
line source
-- Copyright (C) 2013-2014 Kim Alvefur -- This file is MIT/X11 licensed. module:set_global(); local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1"); local fingerprints = {}; local function hashprep(h) return tostring(h):gsub(":",""):lower(); end local function hashfmt(h) return h:gsub("..","%0:", #h/2-1):upper(); end for host, set in pairs(module:get_option("s2s_trusted_fingerprints", {})) do local host_set = {} if type(set) == "table" then -- list of fingerprints for i=1,#set do host_set[hashprep(set[i])] = true; end else -- assume single fingerprint host_set[hashprep(set)] = true; end fingerprints[host] = host_set; end module:hook("s2s-check-certificate", function(event) local session, host, cert = event.session, event.host, event.cert; local host_fingerprints = fingerprints[host]; if host_fingerprints then local digest = cert and cert:digest(digest_algo); if host_fingerprints[digest] then module:log("info", "'%s' matched %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest)); session.cert_chain_status = "valid"; session.cert_identity_status = "valid"; return true; else module:log("warn", "'%s' has unknown %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest)); session.cert_chain_status = "invalid"; session.cert_identity_status = "invalid"; end end end);