Changeset

1431:33a796b2cb91

mod_s2s_auth_dane: Cache logger to save some table lookups and improve readability
author Kim Alvefur <zash@zash.se>
date Wed, 11 Jun 2014 12:50:57 +0200 (2014-06-11)
parents 1430:18f5f1b13353
children 1432:ee2302b78c74
files mod_s2s_auth_dane/mod_s2s_auth_dane.lua
diffstat 1 files changed, 6 insertions(+), 5 deletions(-) [+]
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Thu Jun 05 17:13:38 2014 -0400
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Wed Jun 11 12:50:57 2014 +0200
@@ -176,6 +176,7 @@
 
 module:hook("s2s-check-certificate", function(event)
 	local session, cert = event.session, event.cert;
+	local log = session.log or module._log;
 	local dane = session.dane;
 	if type(dane) == "table" then
 		local use, tlsa, match_found, supported_found, chain, leafcert, cacert, is_match;
@@ -193,7 +194,7 @@
 						supported_found = true;
 					end
 					if is_match then
-						(session.log or module._log)("info", "DANE validation successful");
+						log("info", "DANE validation successful");
 						session.cert_identity_status = "valid";
 						if use == 3 then -- DANE-EE, chain status equals DNSSEC chain status
 							session.cert_chain_status = "valid";
@@ -218,7 +219,7 @@
 							break;
 						end
 						if is_match then
-							(session.log or module._log)("info", "DANE validation successful");
+							log("info", "DANE validation successful");
 							if use == 2 then -- DANE-TA
 								session.cert_identity_status = "valid";
 								session.cert_chain_status = "valid";
@@ -234,7 +235,7 @@
 		end
 		if supported_found and not match_found or dane.bogus then
 			-- No TLSA matched or response was bogus
-			(session.log or module._log)("warn", "DANE validation failed");
+			log("warn", "DANE validation failed");
 			session.cert_identity_status = "invalid";
 			session.cert_chain_status = "invalid";
 		end
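Review bot: The warning logged under `if supported_found and not match_found or dane.bogus then` does not say which of the two conditions fired, so the log cannot distinguish a certificate that matched no TLSA record from a DNSSEC response flagged as bogus. These are different events to triage (a certificate or record mismatch versus a resolver or DNSSEC problem), and the message could carry the reason, for example `log("warn", "DANE validation failed: %s", dane.bogus and "bogus DNSSEC response" or "no matching TLSA record");`. The hook body starts and ends outside this hunk.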
@@ -244,10 +245,10 @@
 			local srv_hosts, srv_choice, srv_target = session.srv_hosts, session.srv_choice;
 			for i = srv_choice or 1, srv_choice or #srv_hosts do
 				srv_target = session.srv_hosts[i].target:gsub("%.?$","");
-				(session.log or module._log)("debug", "Comparing certificate with Secure SRV target %s", srv_target);
+				log("debug", "Comparing certificate with Secure SRV target %s", srv_target);
 				srv_target = nameprep(idna_to_unicode());
 				if srv_target and cert_verify_identity(srv_target, "xmpp-server", cert) then
-					(session.log or module._log)("info", "Certificate matches Secure SRV target %s", srv_target);
+					log("info", "Certificate matches Secure SRV target %s", srv_target);
 					session.cert_identity_status = "valid";
 					return;
 				end
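Review bot: `idna_to_unicode()` is called with no argument on the line after the debug log, so the SRV target that was just stripped of its trailing dot is thrown away and `srv_target` is overwritten with whatever `nameprep` returns for that empty call. Depending on how the two helpers treat a missing argument (not visible here), either the `cert_verify_identity` branch never runs or the hook raises, so the Secure SRV match can never set `cert_identity_status` to "valid". That fails closed, but the debug line then reports a target that was never compared. The line should presumably read `srv_target = nameprep(idna_to_unicode(srv_target));`. The loop and the enclosing hook continue outside the hunk.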