Software /
code /
prosody-modules
File
mod_checkcerts/mod_checkcerts.lua @ 748:f25b6a9f97bb
mod_compat_bind: Compatibility (ugh) with clients that send the resource bind to the login host (ugh)
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Thu, 26 Jul 2012 14:27:41 +0100 |
parent | 667:ea9941812721 |
child | 855:1983d4d51e1a |
line wrap: on
line source
local ssl = require"ssl"; if not ssl.cert_from_pem then module:log("error", "This version of LuaSec (%s) doesn't support certificate checking", ssl._VERSION); return end local function check_certs_validity() local ssl_config = config.rawget(module.host, "core", "ssl"); if not ssl_config then local base_host = module.host:match("%.(.*)"); ssl_config = config.get(base_host, "core", "ssl"); end if ssl.cert_from_pem and ssl_config.certificate then local certfile = ssl_config.certificate; local cert; local fh, err = io.open(certfile); cert = fh and fh:read"*a"; cert = cert and ssl.cert_from_pem(cert); if not cert then return end fh:close(); if not cert:valid_at(os.time()) then module:log("warn", "The certificate %s has expired", certfile); elseif not cert:valid_at(os.time()+86400*7) then module:log("warn", "The certificate %s will expire this week", certfile); elseif not cert:valid_at(os.time()+86400*30) then module:log("info", "The certificate %s will expire later this month", certfile); end end end module.load = check_certs_validity; module:hook_global("config-reloaded", check_certs_validity);