# HG changeset patch
# User Kim Alvefur
# Date 1396698072 -7200
# Node ID 11b6170a50f70f64798b73d31256a3b0fbe13b67
# Parent 703041357f899ebc66aeaba9eba8ac406833465d
mod_s2s_auth_fingerprint: Log current fingerprint and match status

diff -r 703041357f89 -r 11b6170a50f7 mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua
--- a/mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua Sat Apr 05 13:40:13 2014 +0200
+++ b/mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua Sat Apr 05 13:41:12 2014 +0200
@@ -8,7 +8,11 @@
 local fingerprints = {};
 
 local function hashprep(h)
- return tostring(h):lower():gsub(":","");
+ return tostring(h):gsub(":",""):lower();
+end
+
+local function hashfmt(h)
+ return h:gsub("..",":%0"):sub(2):upper();
 end
 
 for host, set in pairs(module:get_option("s2s_trusted_fingerprints", {})) do
@@ -30,10 +34,12 @@
 if host_fingerprints then
 local digest = cert and cert:digest(digest_algo);
 if host_fingerprints[digest] then
+ module:log("info", "'%s' matched %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest));
 session.cert_chain_status = "valid";
 session.cert_identity_status = "valid";
 return true;
 else
+ module:log("warn", "'%s' has unknown %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest));
 session.cert_chain_status = "invalid";
 session.cert_identity_status = "invalid";
 end
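Review bot: The new `hashfmt` helper has no comment stating its input contract, and it is only correct for a non-nil, even-length hex string without separators. Unlike `hashprep`, which goes through `tostring(h)`, it indexes `h` directly and will raise on nil. I would document that above the function, e.g. `-- Display form of a bare hex digest: "ab12cd" -> "AB:12:CD" (inverse of hashprep); h must be a string.`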
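Review bot: The added `warn` line calls `hashfmt(digest)` on the rejection path, where `digest` is nil whenever `cert` is nil (`cert and cert:digest(digest_algo)`), presumably when the peer presented no certificate. In that case `h:gsub` raises before `cert_chain_status` and `cert_identity_status` are set to "invalid", so the peer takes an error path instead of the explicit rejection; how the caller handles that error is not visible here. Passing a safe value as the last argument avoids it: `digest and hashfmt(digest) or "(none)"`. The enclosing handler starts and ends outside the hunk.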