
mod_client_certs/mod_client_certs.lua @ 1779:bdf1de953fd9

mod_client_certs: Patch from mathieui fixing invalid results when requesting multiple certs, missing stream feature and problem with PEM decoding.
author Thijs Alkemade <me@thijsalkema.de>
date Thu, 13 Aug 2015 18:03:11 +0200
parent 1343:7dbde05b48a9
child 3267:4b43b317e8f5
--- a/mod_client_certs/mod_client_certs.lua	Wed Mar 04 12:57:24 2015 +0100
+++ b/mod_client_certs/mod_client_certs.lua	Thu Aug 13 18:03:11 2015 +0200
@@ -10,7 +10,8 @@
 local dm_load = require "util.datamanager".load;
 local dm_store = require "util.datamanager".store;
 local dm_table = "client_certs";
-local x509 = require "ssl.x509";
+local ssl_x509 = require "ssl.x509";
+local util_x509 = require "util.x509";
 local id_on_xmppAddr = "1.3.6.1.5.5.7.8.5";
 local id_ce_subjectAltName = "2.5.29.17";
 local digest_algo = "sha1";
@@ -119,7 +120,7 @@
 		for digest,info in pairs(certs) do
 			reply:tag("item")
 				:tag("name"):text(info.name):up()
-				:tag("x509cert"):text(info.x509cert)
+				:tag("x509cert"):text(info.x509cert):up()
 			:up();
 		end
 
@@ -144,11 +145,7 @@
 		local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil;
 		x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1");
 
-		local cert = x509.load(
-		"-----BEGIN CERTIFICATE-----\n"
-		.. x509cert ..
-		"\n-----END CERTIFICATE-----\n");
-
+		local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert)));
 
 		if not cert then
 			origin.send(st.error_reply(stanza, "modify", "not-acceptable", "Could not parse X.509 certificate"));
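Review bot: The new `ssl_x509.load(util_x509.der2pem(base64.decode(x509cert)))` line passes client-supplied text through three calls with no intermediate check, so the `if not cert` branch below only catches a failure of the last call. If `base64.decode` returns nil or an empty string for malformed input (its behaviour is not visible here), `der2pem` may raise or build an empty PEM body, and the client would not get the "Could not parse X.509 certificate" reply. Consider splitting it into `local der = base64.decode(x509cert);` and `local cert = der and #der > 0 and ssl_x509.load(util_x509.der2pem(der));`. The same one-liner is added in the hunk at `@@ -302,10 +299,7 @@`. Also, `base64` is not among the requires shown in the first hunk, so confirm it is already a local in this file. The enclosing handler starts and ends outside the hunk.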
@@ -302,10 +299,7 @@
 		local name = fields.name;
 		local x509cert = fields.cert:gsub("^%s*(.-)%s*$", "%1");
 
-		local cert = x509.load(
-		"-----BEGIN CERTIFICATE-----\n"
-		.. x509cert ..
-		"\n-----END CERTIFICATE-----\n");
+		local cert = ssl_x509.load(util_x509.der2pem(base64.decode(x509cert)));
 
 		if not cert then
 			return { status = "completed", error = { message = "Could not parse X.509 certificate" } };
@@ -427,3 +421,4 @@
 	end
 end, 1);
 
+module:add_feature(xmlns_saslcert);