prosody-modules
ea9941812721
mod_checkcerts/mod_checkcerts.lua
Software / code / prosody-modules
Comparison
mod_checkcerts/mod_checkcerts.lua @ 667:ea9941812721
mod_checkcerts: New module that logs a warning when your cert is about to expire.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 21 May 2012 17:02:15 +0200 |
| child | 855:1983d4d51e1a |
comparison
equal
deleted
inserted
replaced
| 666:b42b75f3bda0 | 667:ea9941812721 |
|---|---|
| 1 local ssl = require"ssl"; | |
| 2 if not ssl.cert_from_pem then | |
| 3 module:log("error", "This version of LuaSec (%s) doesn't support certificate checking", ssl._VERSION); | |
| 4 return | |
| 5 end | |
| 6 | |
| 7 local function check_certs_validity() | |
| 8 local ssl_config = config.rawget(module.host, "core", "ssl"); | |
| 9 if not ssl_config then | |
| 10 local base_host = module.host:match("%.(.*)"); | |
| 11 ssl_config = config.get(base_host, "core", "ssl"); | |
| 12 end | |
| 13 | |
| 14 if ssl.cert_from_pem and ssl_config.certificate then | |
| 15 local certfile = ssl_config.certificate; | |
| 16 local cert; | |
| 17 local fh, err = io.open(certfile); | |
| 18 cert = fh and fh:read"*a"; | |
| 19 cert = cert and ssl.cert_from_pem(cert); | |
| 20 if not cert then return end | |
| 21 fh:close(); | |
| 22 | |
| 23 if not cert:valid_at(os.time()) then | |
| 24 module:log("warn", "The certificate %s has expired", certfile); | |
| 25 elseif not cert:valid_at(os.time()+86400*7) then | |
| 26 module:log("warn", "The certificate %s will expire this week", certfile); | |
| 27 elseif not cert:valid_at(os.time()+86400*30) then | |
| 28 module:log("info", "The certificate %s will expire later this month", certfile); | |
| 29 end | |
| 30 end | |
| 31 end | |
| 32 | |
| 33 module.load = check_certs_validity; | |
| 34 module:hook_global("config-reloaded", check_certs_validity); |
