Software /
code /
prosody-modules
Diff
mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua @ 1381:11b6170a50f7
mod_s2s_auth_fingerprint: Log current fingerprint and match status
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 05 Apr 2014 13:41:12 +0200 |
parent | 1380:703041357f89 |
child | 1875:ee2cedb0f691 |
line wrap: on
line diff
--- a/mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua Sat Apr 05 13:40:13 2014 +0200 +++ b/mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua Sat Apr 05 13:41:12 2014 +0200 @@ -8,7 +8,11 @@ local fingerprints = {}; local function hashprep(h) - return tostring(h):lower():gsub(":",""); + return tostring(h):gsub(":",""):lower(); +end + +local function hashfmt(h) + return h:gsub("..",":%0"):sub(2):upper(); end for host, set in pairs(module:get_option("s2s_trusted_fingerprints", {})) do @@ -30,10 +34,12 @@ if host_fingerprints then local digest = cert and cert:digest(digest_algo); if host_fingerprints[digest] then + module:log("info", "'%s' matched %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest)); session.cert_chain_status = "valid"; session.cert_identity_status = "valid"; return true; else + module:log("warn", "'%s' has unknown %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest)); session.cert_chain_status = "invalid"; session.cert_identity_status = "invalid"; end