view mod_checkcerts/mod_checkcerts.lua @ 735:c1b0f0c33c6a

mod_archive: Fix hour offset in stored message date. os.date expects a timestamp in local time, which is subject to daylight saving. But since we pass a UTC timestamp to os.date, one hour is (wrongly) added in the summer. The only sensible thing is to call os.date only once with the ! parameter, and then parse this string to get the utc_timestamp. Calling os.date with a UTC timestamp is not possible, and calling os.date twice without a timestamp could give different results.
author Olivier Goffart <ogoffart@woboq.com>
date Wed, 04 Jul 2012 13:49:57 +0200
parents ea9941812721
children 1983d4d51e1a

-- LuaSec supplies the certificate parsing this module relies on.
local ssl = require("ssl");

-- Without ssl.cert_from_pem no certificate can be inspected, so report the
-- LuaSec version in use and stop executing the rest of this file.
if not ssl.cert_from_pem then
	module:log(
		"error",
		"This version of LuaSec (%s) doesn't support certificate checking",
		ssl._VERSION
	);
	return;
end

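--- Check the TLS certificate configured for this host and log when it has
-- expired or is about to expire.
--
-- The "ssl" option is read from this host's own configuration first; if the
-- host has none, the part of the host name after the first dot is looked up
-- instead. Nothing is returned: the outcome is reported through module:log.
--
-- A certificate that cannot be opened or parsed is logged as a warning rather
-- than skipped silently, because an expiry monitor that quietly stops
-- checking looks exactly like a healthy certificate.
local function check_certs_validity()
	local ssl_config = config.rawget(module.host, "core", "ssl");
	if not ssl_config then
		-- No ssl block on this host: retry with the name after the first dot.
		local base_host = module.host:match("%.(.*)");
		ssl_config = config.get(base_host, "core", "ssl");
	end

	-- Nothing to check when no ssl block or no certificate path is configured
	-- (indexing a missing ssl block used to raise an error here).
	if not (ssl.cert_from_pem and ssl_config and ssl_config.certificate) then
		return;
	end

	local certfile = ssl_config.certificate;
	local fh, err = io.open(certfile);
	if not fh then
		module:log("warn", "Could not open certificate %s for checking: %s", certfile, tostring(err));
		return;
	end

	-- Close the handle as soon as the contents are read so that a parse
	-- failure below cannot leak it.
	local pem = fh:read("*a");
	fh:close();

	local cert = pem and ssl.cert_from_pem(pem);
	if not cert then
		module:log("warn", "Could not parse certificate %s, its validity was not checked", certfile);
		return;
	end

	-- Take the time once so all three thresholds are measured from the same instant.
	local now = os.time();
	local day = 86400; -- seconds

	if not cert:valid_at(now) then
		module:log("warn", "The certificate %s has expired", certfile);
	elseif not cert:valid_at(now + day * 7) then
		module:log("warn", "The certificate %s will expire this week", certfile);
	elseif not cert:valid_at(now + day * 30) then
		module:log("info", "The certificate %s will expire later this month", certfile);
	end
end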

-- Use the validity check as this module's load callback.
module.load = check_certs_validity;

-- Run the same check again whenever the global "config-reloaded" event fires,
-- so a certificate path changed in the configuration is picked up.
module.hook_global(module, "config-reloaded", check_certs_validity);