Mercurial > prosody-modules
view mod_tls_policy/mod_tls_policy.lua @ 4530:33c149d0261d
mod_rest: Add mappings for a whole pile of XEPs
Look ma, programming in JSON!
XEP-0012: Last Activity
XEP-0077: In-Band Registration
XEP-0115: Entity Capabilities
XEP-0153: vCard-Based Avatars
XEP-0297: Stanza Forwarding
XEP-0308: Last Message Correction
XEP-0319: Last User Interaction in Presence
XEP-0333: Chat Markers
XEP-0367: Message Attaching
XEP-0372: References
XEP-0421: Anonymous unique occupant identifiers for MUCs
XEP-0428: Fallback Indication
XEP-0444: Message Reactions
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 23 Mar 2021 23:18:33 +0100 |
| parents | a43ed0d28918 |
| children | 1b701f208b1b |
line wrap: on
line source
assert(require"ssl.core".info, "Incompatible LuaSec version"); local function hook(event_name, typ, policy) if not policy then return end if policy == "FS" then policy = { cipher = "^E?C?DHE%-" }; elseif type(policy) == "string" then policy = { cipher = policy }; end module:hook(event_name, function (event) local origin = event.origin; if origin.encrypted then local info = origin.conn:socket():info(); for key, what in pairs(policy) do module:log("debug", "Does info[%q] = %s match %s ?", key, tostring(info[key]), tostring(what)); if (type(what) == "number" and what < info[key] ) or (type(what) == "string" and not info[key]:match(what)) then origin:close({ condition = "policy-violation", text = ("TLS %s '%s' not acceptable"):format(key, tostring(info[key])) }); return false; end module:log("debug", "Seems so"); end module:log("debug", "Policy matches"); end end, 1000); end local policy = module:get_option(module.name, {}); if type(policy) == "string" then policy = { c2s = policy, s2s = policy }; end hook("stream-features", "c2s", policy.c2s); hook("s2s-stream-features", "s2sin", policy.s2sin or policy.s2s); hook("stanza/http://etherx.jabber.org/streams:features", "s2sout", policy.s2sout or policy.s2s);