changeset 1381:11b6170a50f7

mod_s2s_auth_fingerprint: Log current fingerprint and match status
author Kim Alvefur <zash@zash.se>
date Sat, 05 Apr 2014 13:41:12 +0200
parents 703041357f89
children ba17268490b7
files mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua
diffstat 1 files changed, 7 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua	Sat Apr 05 13:40:13 2014 +0200
+++ b/mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua	Sat Apr 05 13:41:12 2014 +0200
@@ -8,7 +8,11 @@
 local fingerprints = {};
 
 local function hashprep(h)
-	return tostring(h):lower():gsub(":","");
+	return tostring(h):gsub(":",""):lower();
+end
+
+local function hashfmt(h)
+	return h:gsub("..",":%0"):sub(2):upper();
 end
 
 for host, set in pairs(module:get_option("s2s_trusted_fingerprints", {})) do
@@ -30,10 +34,12 @@
 	if host_fingerprints then
 		local digest = cert and cert:digest(digest_algo);
 		if host_fingerprints[digest] then
+			module:log("info", "'%s' matched %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest));
 			session.cert_chain_status = "valid";
 			session.cert_identity_status = "valid";
 			return true;
 		else
+			module:log("warn", "'%s' has unknown %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest));
 			session.cert_chain_status = "invalid";
 			session.cert_identity_status = "invalid";
 		end