Software /
code /
prosody-modules
Comparison
mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua @ 1324:853a382c9bd6
mod_turncredentials: Advertise the XEP-0215 feature (thanks Gryffus)
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 28 Feb 2014 15:36:06 +0100 |
parent | 1166:2b62a3b76d76 |
child | 1325:b21236b6b8d8 |
comparison
equal
deleted
inserted
replaced
1323:c84ff82658cb | 1324:853a382c9bd6 |
---|---|
3 | 3 |
4 module:set_global(); | 4 module:set_global(); |
5 | 5 |
6 local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1"); | 6 local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1"); |
7 local must_match = module:get_option_boolean("s2s_pin_fingerprints", false); | 7 local must_match = module:get_option_boolean("s2s_pin_fingerprints", false); |
8 local tofu = module:get_option_boolean("s2s_tofu", false); | |
8 | 9 |
9 local fingerprints = {}; | 10 local fingerprints = {}; |
10 | 11 |
11 local function hashprep(h) | 12 local function hashprep(h) |
12 return tostring(h):lower():gsub(":",""); | 13 return tostring(h):lower():gsub(":",""); |
36 return true; | 37 return true; |
37 elseif must_match then | 38 elseif must_match then |
38 session.cert_chain_status = "invalid"; | 39 session.cert_chain_status = "invalid"; |
39 session.cert_identity_status = "invalid"; | 40 session.cert_identity_status = "invalid"; |
40 end | 41 end |
42 elseif tofu | |
43 and ( session.cert_chain_status ~= "valid" | |
44 or session.cert_identity_status ~= "valid" ) then | |
45 local digest = cert and cert:digest(digest_algo); | |
46 fingerprints[host] = { | |
47 [digest] = true; | |
48 } | |
41 end | 49 end |
42 end); | 50 end); |
51 | |
52 function module.save() | |
53 return { fingerprints = fingerprints }; | |
54 end | |
55 | |
56 function module.restore(state) | |
57 fingerprints = state.fingerprints; | |
58 end |