changeset 1675:116488cced16

mod_watchuntrusted: Only notify once per host per day
author Kim Alvefur <zash@zash.se>
date Wed, 22 Apr 2015 13:20:47 +0200
parents 7f4c64cfed09
children accbf0db0246
files mod_watchuntrusted/mod_watchuntrusted.lua
diffstat 1 files changed, 11 insertions(+), 1 deletions(-) [+]
--- a/mod_watchuntrusted/mod_watchuntrusted.lua	Mon Apr 13 13:36:38 2015 +0200
+++ b/mod_watchuntrusted/mod_watchuntrusted.lua	Wed Apr 22 13:20:47 2015 +0200
@@ -9,6 +9,8 @@
 
 local st = require "util.stanza";
 
+local notified_about_already = { };
+
 module:hook_global("s2s-check-certificate", function (event)
     local session, host = event.session, event.host;
     local conn = session.conn:socket();
@@ -25,7 +27,8 @@
             must_secure = false;
     end
 
-    if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
+    if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") and not notified_about_already[host] then
+		notified_about_already[host] = os.time();
 		local _, errors = conn:getpeerverification();
 		local error_message = "";
 
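Review bot: The suppression added to the `if must_secure and ...` condition is keyed on `host` alone, so once a host has been reported, any later failure from it is dropped silently, even if the status or the certificate has changed. For a module whose job is to alert on untrusted certificates, that can hide a change an admin would want to see. Consider folding the two status fields into the key, e.g. `local key = host .. "|" .. tostring(session.cert_chain_status) .. "|" .. tostring(session.cert_identity_status)`. Also note that `notified_about_already[host] = os.time();` is set before the message is built; if anything after it fails, the host is still marked as notified. The hook body starts before and continues past this hunk, so whether the later send can fail is not visible here.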
@@ -54,3 +57,10 @@
 	end
 end, -0.5);
 
+module:add_timer(14400, function (now)
+	for host, time in pairs(notified_about_already) do
+		if time + 86400 > now then
+			notified_about_already[host] = nil;
+		end
+	end
+end)
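Review bot: The expiry test in the timer callback is inverted: `time + 86400 > now` is true for entries younger than a day, so the sweep removes fresh entries and keeps stale ones. It should read `if time + 86400 <= now then`. The callback also returns nothing, and as far as I know a Prosody timer only repeats when its callback returns the next delay, so this would run once, 14400 seconds after load; adding `return 14400;` before the final `end` would keep it periodic. If that is right, every host recorded after the first sweep stays suppressed until the module is reloaded. The table of remote-supplied hostnames would then also grow without bound.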