prosody-modules
a7c1f1b6ef05
mod_checkcerts/mod_checkcerts.lua
Software / code / prosody-modules
Comparison
mod_checkcerts/mod_checkcerts.lua @ 1880:a7c1f1b6ef05
mod_checkcerts: Improve error handling when loading certificate
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 29 Sep 2015 14:56:46 +0200 |
| parent | 1879:18123e0f5d58 |
| child | 2945:ec7f9c8f2a5f |
comparison
equal
deleted
inserted
replaced
| 1879:18123e0f5d58 | 1880:a7c1f1b6ef05 |
|---|---|
| 48 log("warn", "Could not find a certificate to check"); | 48 log("warn", "Could not find a certificate to check"); |
| 49 return; | 49 return; |
| 50 end | 50 end |
| 51 | 51 |
| 52 local certfile = ssl_config.certificate; | 52 local certfile = ssl_config.certificate; |
| 53 local fh = io.open(certfile); -- Load the file. | 53 local fh, ferr = io.open(certfile); -- Load the file. |
| 54 cert = fh and fh:read"*a"; | 54 if not fh then |
| 55 fh = fh and fh:close(); | 55 log("warn", "Could not open certificate %s", ferr); |
| 56 local cert = cert and load_cert(cert); -- And parse | 56 return; |
| 57 end | |
| 58 local cert, lerr = load_cert(fh:read("*a")); -- And parse | |
| 59 fh:close(); | |
| 60 if not cert then | |
| 61 log("warn", "Could not parse certificate %s: %s", certfile, lerr or ""); | |
| 62 return; | |
| 63 end | |
| 57 | 64 |
| 58 if not cert then | |
| 59 module:log("warn", "No certificate configured for this host, please fix this and reload this module to check expiry"); | |
| 60 return | |
| 61 end | |
| 62 local expires_at = parse_x509_datetime(cert:notafter()); | 65 local expires_at = parse_x509_datetime(cert:notafter()); |
| 63 local expires_in = os.difftime(expires_at, now); | 66 local expires_in = os.difftime(expires_at, now); |
| 64 local fmt = "Certificate %s expires in %s" | 67 local fmt = "Certificate %s expires in %s" |
| 65 local nag_admin = expires_in < nag_time; | 68 local nag_admin = expires_in < nag_time; |
| 66 local log_warn = expires_in < nag_time * 2; | 69 local log_warn = expires_in < nag_time * 2; |
