prosody-modules
05725276fac0
mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua
Software / code / prosody-modules
File
mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua @ 4688:05725276fac0
mod_bookmarks2: Use same default as mod_pep for max_items
Should fix the issue with max items until the proper "max" can be used,
by following the configured max.
While "max" is already in trunk, it's not easily usable in 0.11.x
This limit and option was added to mod_pep in Prosody rev aefb96a52f5f
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 15 Sep 2021 17:39:37 +0200 |
| parent | 1875:ee2cedb0f691 |
line wrap: on
line source
-- Copyright (C) 2013-2014 Kim Alvefur -- This file is MIT/X11 licensed. module:set_global(); local digest_algo = module:get_option_string(module:get_name().."_digest", "sha1"); local fingerprints = {}; local function hashprep(h) return tostring(h):gsub(":",""):lower(); end local function hashfmt(h) return h:gsub("..","%0:", #h/2-1):upper(); end for host, set in pairs(module:get_option("s2s_trusted_fingerprints", {})) do local host_set = {} if type(set) == "table" then -- list of fingerprints for i=1,#set do host_set[hashprep(set[i])] = true; end else -- assume single fingerprint host_set[hashprep(set)] = true; end fingerprints[host] = host_set; end module:hook("s2s-check-certificate", function(event) local session, host, cert = event.session, event.host, event.cert; local host_fingerprints = fingerprints[host]; if host_fingerprints then local digest = cert and cert:digest(digest_algo); if host_fingerprints[digest] then module:log("info", "'%s' matched %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest)); session.cert_chain_status = "valid"; session.cert_identity_status = "valid"; return true; else module:log("warn", "'%s' has unknown %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest)); session.cert_chain_status = "invalid"; session.cert_identity_status = "invalid"; end end end);
