prosodyctl @ 7211:117f4a627813
Merge 0.10->trunk
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 28 Feb 2016 18:25:16 +0100 |
| parent | 7195:39b7ea9141c0 |
| parent | 7210:48149ecbb649 |
| child | 7214:a927edfb54ab |
| 7207:14ea924a036d | 7211:117f4a627813 |
|---|---|
| 1195 end | 1195 end |
| 1196 if not what or what == "certs" then | 1196 if not what or what == "certs" then |
| 1197 local cert_ok; | 1197 local cert_ok; |
| 1198 print"Checking certificates..." | 1198 print"Checking certificates..." |
| 1199 local x509_verify_identity = require"util.x509".verify_identity; | 1199 local x509_verify_identity = require"util.x509".verify_identity; |
| 1200 local create_context = require "core.certmanager".create_context; | |
| 1200 local ssl = dependencies.softreq"ssl"; | 1201 local ssl = dependencies.softreq"ssl"; |
| 1201 -- local datetime_parse = require"util.datetime".parse_x509; | 1202 -- local datetime_parse = require"util.datetime".parse_x509; |
| 1202 local load_cert = ssl and ssl.loadcertificate; | 1203 local load_cert = ssl and ssl.loadcertificate; |
| 1203 -- or ssl.cert_from_pem | 1204 -- or ssl.cert_from_pem |
| 1204 if not ssl then | 1205 if not ssl then |
| 1209 cert_ok = false | 1210 cert_ok = false |
| 1210 else | 1211 else |
| 1211 for host in enabled_hosts() do | 1212 for host in enabled_hosts() do |
| 1212 print("Checking certificate for "..host); | 1213 print("Checking certificate for "..host); |
| 1213 -- First, let's find out what certificate this host uses. | 1214 -- First, let's find out what certificate this host uses. |
| 1214 local ssl_config = config.rawget(host, "ssl"); | 1215 local host_ssl_config = config.rawget(host, "ssl") |
| 1215 if not ssl_config then | 1216 or config.rawget(host:match("%.(.*)"), "ssl"); |
| 1216 local base_host = host:match("%.(.*)"); | 1217 local global_ssl_config = config.rawget("*", "ssl"); |
| 1217 ssl_config = config.get(base_host, "ssl"); | 1218 local ok, err, ssl_config = create_context(host, "server", host_ssl_config, global_ssl_config); |
| 1218 end | 1219 if not ok then |
| 1219 if not ssl_config then | 1220 print(" Error: "..err); |
| 1220 print(" No 'ssl' option defined for "..host) | |
| 1221 cert_ok = false | 1221 cert_ok = false |
| 1222 elseif not ssl_config.certificate then | 1222 elseif not ssl_config.certificate then |
| 1223 print(" No 'certificate' set in ssl option for "..host) | 1223 print(" No 'certificate' found for "..host) |
| 1224 cert_ok = false | 1224 cert_ok = false |
| 1225 elseif not ssl_config.key then | 1225 elseif not ssl_config.key then |
| 1226 print(" No 'key' set in ssl option for "..host) | 1226 print(" No 'key' found for for "..host) |
| 1227 cert_ok = false | 1227 cert_ok = false |
| 1228 else | 1228 else |
| 1229 local key, err = io.open(ssl_config.key); -- Permissions check only | 1229 local key, err = io.open(ssl_config.key); -- Permissions check only |
| 1230 if not key then | 1230 if not key then |
| 1231 print(" Could not open "..ssl_config.key..": "..err); | 1231 print(" Could not open "..ssl_config.key..": "..err); |
| 1241 print(" Certificate: "..ssl_config.certificate) | 1241 print(" Certificate: "..ssl_config.certificate) |
| 1242 local cert = load_cert(cert_fh:read"*a"); cert_fh = cert_fh:close(); | 1242 local cert = load_cert(cert_fh:read"*a"); cert_fh = cert_fh:close(); |
| 1243 if not cert:validat(os.time()) then | 1243 if not cert:validat(os.time()) then |
| 1244 print(" Certificate has expired.") | 1244 print(" Certificate has expired.") |
| 1245 cert_ok = false | 1245 cert_ok = false |
| 1246 elseif not cert:validat(os.time() + 86400) then | |
| 1247 print(" Certificate expires within one day.") | |
| 1248 cert_ok = false | |
| 1249 elseif not cert:validat(os.time() + 86400*7) then | |
| 1250 print(" Certificate expires within one week.") | |
| 1251 elseif not cert:validat(os.time() + 86400*13) then | |
| 1252 print(" Certificate expires within one month.") | |
| 1246 end | 1253 end |
| 1247 if config.get(host, "component_module") == nil | 1254 if config.get(host, "component_module") == nil |
| 1248 and not x509_verify_identity(host, "_xmpp-client", cert) then | 1255 and not x509_verify_identity(host, "_xmpp-client", cert) then |
| 1249 print(" Not vaild for client connections to "..host..".") | 1256 print(" Not vaild for client connections to "..host..".") |
| 1250 cert_ok = false | 1257 cert_ok = false |