Mercurial > prosody-modules
view mod_checkcerts/mod_checkcerts.lua @ 735:c1b0f0c33c6a
mod_archive: Fix hour offset in stored message date
os.date expect a timestamp in local time, that is subject to daylight saving.
But since we pass an UTC timestamp to os.date one hour is (wrongly) added in
the summer.
The only sensible thing is to call the os.date only once with the ! parametter.
And then parsing this sting to get the utc_timestamp.
Calling os.date with an UTC timestamp is not possible, and calling os.date
twice without timestamp could give different results.
author | Olivier Goffart <ogoffart@woboq.com> |
---|---|
date | Wed, 04 Jul 2012 13:49:57 +0200 |
parents | ea9941812721 |
children | 1983d4d51e1a |
line wrap: on
line source
local ssl = require"ssl"; if not ssl.cert_from_pem then module:log("error", "This version of LuaSec (%s) doesn't support certificate checking", ssl._VERSION); return end local function check_certs_validity() local ssl_config = config.rawget(module.host, "core", "ssl"); if not ssl_config then local base_host = module.host:match("%.(.*)"); ssl_config = config.get(base_host, "core", "ssl"); end if ssl.cert_from_pem and ssl_config.certificate then local certfile = ssl_config.certificate; local cert; local fh, err = io.open(certfile); cert = fh and fh:read"*a"; cert = cert and ssl.cert_from_pem(cert); if not cert then return end fh:close(); if not cert:valid_at(os.time()) then module:log("warn", "The certificate %s has expired", certfile); elseif not cert:valid_at(os.time()+86400*7) then module:log("warn", "The certificate %s will expire this week", certfile); elseif not cert:valid_at(os.time()+86400*30) then module:log("info", "The certificate %s will expire later this month", certfile); end end end module.load = check_certs_validity; module:hook_global("config-reloaded", check_certs_validity);