Mercurial > prosody-modules
view mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua @ 4326:f6fdefc5c6ac
mod_roster_command: Fix subscription when the "user JID" is a bare domain.
Do not attempt to update the roster when the user is bare domain (e.g. a
component), since they don't have rosters and the attempt results in an error:
$ prosodyctl mod_roster_command subscribe proxy.example.com contact@example.com
xxxxxxxxxxFailed to execute command: Error: /usr/lib/prosody/core/rostermanager.lua:104: attempt to concatenate local 'username' (a nil value)
stack traceback:
/usr/lib/prosody/core/rostermanager.lua:104: in function 'load_roster'
/usr/lib/prosody/core/rostermanager.lua:305: in function 'set_contact_pending_out'
mod_roster_command.lua:44: in function 'subscribe'
author | Boris Grozev <boris@jitsi.org> |
---|---|
date | Tue, 05 Jan 2021 13:15:00 -0600 |
parents | 27ffa6521d4e |
children |
line wrap: on
line source
-- mod_s2s_keysize_policy.lua -- Requires LuaSec with this patch: https://github.com/brunoos/luasec/pull/12 module:set_global(); local datetime_parse = require"util.datetime".parse; local pat = "^([JFMAONSD][ceupao][glptbvyncr]) ?(%d%d?) (%d%d):(%d%d):(%d%d) (%d%d%d%d) GMT$"; local months = {Jan=1,Feb=2,Mar=3,Apr=4,May=5,Jun=6,Jul=7,Aug=8,Sep=9,Oct=10,Nov=11,Dec=12}; local function parse_x509_datetime(s) local month, day, hour, min, sec, year = s:match(pat); month = months[month]; return datetime_parse(("%04d-%02d-%02dT%02d:%02d:%02dZ"):format(year, month, day, hour, min, sec)); end local weak_key_cutoff = datetime_parse("2014-01-01T00:00:00Z"); -- From RFC 4492 local weak_key_size = { RSA = 2048, DSA = 2048, DH = 2048, EC = 233, } module:hook("s2s-check-certificate", function(event) local host, session, cert = event.host, event.session, event.cert; if cert and cert.pubkey then local _, key_type, key_size = cert:pubkey(); if key_size < ( weak_key_size[key_type] or 0 ) then local issued = parse_x509_datetime(cert:notbefore()); if issued > weak_key_cutoff then session.log("warn", "%s has a %s-bit %s key issued after 31 December 2013, invalidating trust!", host, key_size, key_type); session.cert_chain_status = "invalid"; session.cert_identity_status = "invalid"; else session.log("warn", "%s has a %s-bit %s key", host, key_size, key_type); end else session.log("info", "%s has a %s-bit %s key", host, key_size, key_type); end end end);