changeset 667:ea9941812721

mod_checkcerts: New module that logs a warning when your cert is about to expire.
author Kim Alvefur <zash@zash.se>
date Mon, 21 May 2012 17:02:15 +0200
parents b42b75f3bda0
children 343b115ebbea
files mod_checkcerts/mod_checkcerts.lua
diffstat 1 files changed, 34 insertions(+), 0 deletions(-) [+]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_checkcerts/mod_checkcerts.lua	Mon May 21 17:02:15 2012 +0200
@@ -0,0 +1,34 @@
+local ssl = require"ssl";
+if not ssl.cert_from_pem then
+	module:log("error", "This version of LuaSec (%s) doesn't support certificate checking", ssl._VERSION);
+	return
+end
+
+local function check_certs_validity()
+	local ssl_config = config.rawget(module.host, "core", "ssl");
+	if not ssl_config then
+		local base_host = module.host:match("%.(.*)");
+		ssl_config = config.get(base_host, "core", "ssl");
+	end
+
+	if ssl.cert_from_pem and ssl_config.certificate then
+		local certfile = ssl_config.certificate;
+		local cert;
+		local fh, err = io.open(certfile);
+		cert = fh and fh:read"*a";
+		cert = cert and ssl.cert_from_pem(cert);
+		if not cert then return end
+		fh:close();
+
+		if not cert:valid_at(os.time()) then
+			module:log("warn", "The certificate %s has expired", certfile);
+		elseif not cert:valid_at(os.time()+86400*7) then
+			module:log("warn", "The certificate %s will expire this week", certfile);
+		elseif not cert:valid_at(os.time()+86400*30) then
+			module:log("info", "The certificate %s will expire later this month", certfile);
+		end
+	end
+end
+
+module.load = check_certs_validity;
+module:hook_global("config-reloaded", check_certs_validity);
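Review bot: A certificate file that cannot be opened or parsed makes check_certs_validity return silently at `if not cert then return end`, so the operator gets no log line in exactly the case where the expiry check did not run. That early return also sits before `fh:close()`, so the handle stays open when the file was read but cert_from_pem rejected its contents, and the `err` value from io.open is never used. Separately, `ssl_config.certificate` is indexed without checking that the fallback `config.get(base_host, "core", "ssl")` returned a table, which would raise an error when neither the host nor its parent domain has an ssl section (base_host is itself nil when the host name contains no dot). I would close the handle right after reading, log both failure paths, and guard ssl_config, as sketched below.

```lua
	-- … unchanged: ssl_config lookup for module.host and its parent domain …
	if ssl_config and ssl_config.certificate then
		local certfile = ssl_config.certificate;
		local fh, err = io.open(certfile);
		if not fh then
			module:log("warn", "Could not open certificate %s: %s", certfile, tostring(err));
			return
		end
		local pem = fh:read"*a";
		fh:close();
		local cert = pem and ssl.cert_from_pem(pem);
		if not cert then
			module:log("warn", "Could not parse certificate %s, expiry was not checked", certfile);
			return
		end
		-- … unchanged: valid_at() checks and log messages …
```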