Comparison

mod_checkcerts/mod_checkcerts.lua @ 667:ea9941812721

mod_checkcerts: New module that logs a warning when your cert is about to expire.
author Kim Alvefur <zash@zash.se>
date Mon, 21 May 2012 17:02:15 +0200
child 855:1983d4d51e1a
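--- a/mod_checkcerts/mod_checkcerts.lua
+++ b/mod_checkcerts/mod_checkcerts.lua
@@ -0,0 +1,34 @@
+local ssl = require"ssl";
+if not ssl.cert_from_pem then
+module:log("error", "This version of LuaSec (%s) doesn't support certificate checking", ssl._VERSION);
+return
+end
+
+local function check_certs_validity()
+local ssl_config = config.rawget(module.host, "core", "ssl");
+if not ssl_config then
+local base_host = module.host:match("%.(.*)");
+ssl_config = config.get(base_host, "core", "ssl");
+end
+
+if ssl.cert_from_pem and ssl_config.certificate then
+local certfile = ssl_config.certificate;
+local cert;
+local fh, err = io.open(certfile);
+cert = fh and fh:read"*a";
+cert = cert and ssl.cert_from_pem(cert);
+if not cert then return end
+fh:close();
+
+if not cert:valid_at(os.time()) then
+module:log("warn", "The certificate %s has expired", certfile);
+elseif not cert:valid_at(os.time()+86400*7) then
+module:log("warn", "The certificate %s will expire this week", certfile);
+elseif not cert:valid_at(os.time()+86400*30) then
+module:log("info", "The certificate %s will expire later this month", certfile);
+end
+end
+end
+
+module.load = check_certs_validity;
+module:hook_global("config-reloaded", check_certs_validity);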
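Review bot: The checker fails silently in exactly the cases an operator most needs to hear about: on line 17 the `err` from `io.open` is discarded, and line 20 returns without logging when the file cannot be read or `ssl.cert_from_pem` rejects it, so an unreadable or malformed certificate looks the same as a healthy one. That early return also skips `fh:close()` when the file opened but parsing failed, so the handle is left open on each such reload. Separately, if neither `config.rawget` nor the parent-domain `config.get` yields an ssl section (for example a host with no dot, where `match` returns nil), `ssl_config` appears to stay nil and `ssl_config.certificate` on line 14 would raise. I would guard the nil case, close the handle right after reading, and log a warning on open or parse failure, as sketched below.

```lua
local function check_certs_validity()
	-- … unchanged: ssl_config lookup via config.rawget / config.get …
	if not (ssl_config and ssl_config.certificate) then
		module:log("debug", "No certificate configured for %s, nothing to check", module.host);
		return
	end
	local certfile = ssl_config.certificate;
	local fh, err = io.open(certfile);
	if not fh then
		module:log("warn", "Could not open certificate %s: %s", certfile, tostring(err));
		return
	end
	local pem = fh:read"*a";
	fh:close();
	local cert = pem and ssl.cert_from_pem(pem);
	if not cert then
		module:log("warn", "Could not parse certificate %s", certfile);
		return
	end
	-- … unchanged: valid_at checks and log messages …
end
```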