Diff

mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua @ 1324:853a382c9bd6

mod_turncredentials: Advertise the XEP-0215 feature (thanks Gryffus)
author Kim Alvefur <zash@zash.se>
date Fri, 28 Feb 2014 15:36:06 +0100
parent 1166:2b62a3b76d76
child 1325:b21236b6b8d8
line wrap: on
line diff
--- a/mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua	Wed Feb 26 13:08:47 2014 -0800
+++ b/mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua	Fri Feb 28 15:36:06 2014 +0100
@@ -5,6 +5,7 @@
 
 local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1");
 local must_match = module:get_option_boolean("s2s_pin_fingerprints", false);
+local tofu = module:get_option_boolean("s2s_tofu", false);
 
 local fingerprints = {};
 
@@ -38,5 +39,20 @@
 			session.cert_chain_status = "invalid";
 			session.cert_identity_status = "invalid";
 		end
+	elseif tofu
+			and ( session.cert_chain_status ~= "valid"
+			or session.cert_identity_status ~= "valid" ) then
+		local digest = cert and cert:digest(digest_algo);
+		fingerprints[host] = {
+			[digest] = true;
+		}
 	end
 end);
+
+function module.save()
+	return { fingerprints = fingerprints };
+end
+
+function module.restore(state)
+	fingerprints = state.fingerprints;
+end