Software /
code /
prosody-modules
Comparison
mod_tls_policy/mod_tls_policy.lua @ 1615:d0fd8a29b724
mod_tls_policy: Include which part of the cipher that did not match the policy in stream error
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 23 Feb 2015 15:45:11 +0100 |
parent | 1601:c5ca63ac0e1b |
child | 1891:a43ed0d28918 |
comparison
equal
deleted
inserted
replaced
1614:79adec50b24d | 1615:d0fd8a29b724 |
---|---|
14 if origin.encrypted then | 14 if origin.encrypted then |
15 local info = origin.conn:socket():info(); | 15 local info = origin.conn:socket():info(); |
16 for key, what in pairs(policy) do | 16 for key, what in pairs(policy) do |
17 module:log("debug", "Does info[%q] = %s match %s ?", key, tostring(info[key]), tostring(what)); | 17 module:log("debug", "Does info[%q] = %s match %s ?", key, tostring(info[key]), tostring(what)); |
18 if (type(what) == "number" and what < info[key] ) or (type(what) == "string" and not info[key]:match(what)) then | 18 if (type(what) == "number" and what < info[key] ) or (type(what) == "string" and not info[key]:match(what)) then |
19 origin:close({ condition = "policy-violation", text = "Cipher not acceptable" }); | 19 origin:close({ condition = "policy-violation", text = ("TLS %s '%s' not acceptable"):format(key, tostring(info[key])) }); |
20 return false; | 20 return false; |
21 end | 21 end |
22 module:log("debug", "Seems so"); | 22 module:log("debug", "Seems so"); |
23 end | 23 end |
24 module:log("debug", "Policy matches"); | 24 module:log("debug", "Policy matches"); |