File

mod_checkcerts/mod_checkcerts.lua @ 748:f25b6a9f97bb

mod_compat_bind: Compatibility (ugh) with clients that send the resource bind to the login host (ugh)
author Matthew Wild <mwild1@gmail.com>
date Thu, 26 Jul 2012 14:27:41 +0100
parent 667:ea9941812721
child 855:1983d4d51e1a
line wrap: on
line source

local ssl = require"ssl";
if not ssl.cert_from_pem then
	module:log("error", "This version of LuaSec (%s) doesn't support certificate checking", ssl._VERSION);
	return
end

local function check_certs_validity()
	local ssl_config = config.rawget(module.host, "core", "ssl");
	if not ssl_config then
		local base_host = module.host:match("%.(.*)");
		ssl_config = config.get(base_host, "core", "ssl");
	end

	if ssl.cert_from_pem and ssl_config.certificate then
		local certfile = ssl_config.certificate;
		local cert;
		local fh, err = io.open(certfile);
		cert = fh and fh:read"*a";
		cert = cert and ssl.cert_from_pem(cert);
		if not cert then return end
		fh:close();

		if not cert:valid_at(os.time()) then
			module:log("warn", "The certificate %s has expired", certfile);
		elseif not cert:valid_at(os.time()+86400*7) then
			module:log("warn", "The certificate %s will expire this week", certfile);
		elseif not cert:valid_at(os.time()+86400*30) then
			module:log("info", "The certificate %s will expire later this month", certfile);
		end
	end
end

module.load = check_certs_validity;
module:hook_global("config-reloaded", check_certs_validity);