Software /
code /
prosody-modules
Comparison
mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua @ 1380:703041357f89
mod_s2s_auth_fingerprint: Allways pin fingerprints
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 05 Apr 2014 13:40:13 +0200 |
parent | 1325:b21236b6b8d8 |
child | 1381:11b6170a50f7 |
comparison
equal
deleted
inserted
replaced
1379:403d5cd924eb | 1380:703041357f89 |
---|---|
1 -- Copyright (C) 2013 Kim Alvefur | 1 -- Copyright (C) 2013-2014 Kim Alvefur |
2 -- This file is MIT/X11 licensed. | 2 -- This file is MIT/X11 licensed. |
3 | 3 |
4 module:set_global(); | 4 module:set_global(); |
5 | 5 |
6 local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1"); | 6 local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1"); |
7 local must_match = module:get_option_boolean("s2s_pin_fingerprints", false); | |
8 | 7 |
9 local fingerprints = {}; | 8 local fingerprints = {}; |
10 | 9 |
11 local function hashprep(h) | 10 local function hashprep(h) |
12 return tostring(h):lower():gsub(":",""); | 11 return tostring(h):lower():gsub(":",""); |
32 local digest = cert and cert:digest(digest_algo); | 31 local digest = cert and cert:digest(digest_algo); |
33 if host_fingerprints[digest] then | 32 if host_fingerprints[digest] then |
34 session.cert_chain_status = "valid"; | 33 session.cert_chain_status = "valid"; |
35 session.cert_identity_status = "valid"; | 34 session.cert_identity_status = "valid"; |
36 return true; | 35 return true; |
37 elseif must_match then | 36 else |
38 session.cert_chain_status = "invalid"; | 37 session.cert_chain_status = "invalid"; |
39 session.cert_identity_status = "invalid"; | 38 session.cert_identity_status = "invalid"; |
40 end | 39 end |
41 end | 40 end |
42 end); | 41 end); |