changeset 667:ea9941812721
mod_checkcerts: New module that logs a warning when your cert is about to expire.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 21 May 2012 17:02:15 +0200 |
parents | b42b75f3bda0 |
children | 343b115ebbea |
files | mod_checkcerts/mod_checkcerts.lua |
diffstat | 1 files changed, 34 insertions(+), 0 deletions(-) [+] |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_checkcerts/mod_checkcerts.lua Mon May 21 17:02:15 2012 +0200
@@ -0,0 +1,34 @@
+local ssl = require"ssl";
+if not ssl.cert_from_pem then
+ module:log("error", "This version of LuaSec (%s) doesn't support certificate checking", ssl._VERSION);
+ return
+end
+
+local function check_certs_validity()
+ local ssl_config = config.rawget(module.host, "core", "ssl");
+ if not ssl_config then
+ local base_host = module.host:match("%.(.*)");
+ ssl_config = config.get(base_host, "core", "ssl");
+ end
+
+ if ssl.cert_from_pem and ssl_config.certificate then
+ local certfile = ssl_config.certificate;
+ local cert;
+ local fh, err = io.open(certfile);
+ cert = fh and fh:read"*a";
+ cert = cert and ssl.cert_from_pem(cert);
+ if not cert then return end
+ fh:close();
+
+ if not cert:valid_at(os.time()) then
+ module:log("warn", "The certificate %s has expired", certfile);
+ elseif not cert:valid_at(os.time()+86400*7) then
+ module:log("warn", "The certificate %s will expire this week", certfile);
+ elseif not cert:valid_at(os.time()+86400*30) then
+ module:log("info", "The certificate %s will expire later this month", certfile);
+ end
+ end
+end
+
+module.load = check_certs_validity;
+module:hook_global("config-reloaded", check_certs_validity);
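Review bot: Every failure path in `check_certs_validity` is silent, so the module can look like it is monitoring while checking nothing: when `io.open` fails the `err` value is discarded, and `if not cert then return end` returns without a log line and before `fh:close()`, which leaves the handle open if the file was read but did not yield a certificate. Separately, `ssl_config` is indexed unguarded at `ssl_config.certificate`; if neither the host nor its parent domain has an `ssl` section (or the host has no dot, so `base_host` is nil), that raises an "attempt to index a nil value" error from both `module.load` and the `config-reloaded` handler. I would guard the lookup, close the handle right after the read, and log a warning naming `certfile` on each failure, as sketched below. The check also only runs on load and config reload, so a long-lived process presumably never re-evaluates expiry; a periodic re-check would be worth considering.

```lua
local function check_certs_validity()
	-- … unchanged: ssl_config lookup with base_host fallback …
	if not (ssl.cert_from_pem and ssl_config and ssl_config.certificate) then return end

	local certfile = ssl_config.certificate;
	local fh, err = io.open(certfile);
	if not fh then
		module:log("warn", "Could not open certificate %s: %s", certfile, tostring(err));
		return
	end
	local pem = fh:read"*a";
	fh:close();
	local cert = pem and ssl.cert_from_pem(pem);
	if not cert then
		module:log("warn", "Could not parse certificate %s", certfile);
		return
	end
	-- … unchanged: valid_at checks and log messages …
end
```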