Comparison

prosodyctl @ 7210:48149ecbb649

prosodyctl: check certs: Warn about certificate expiry in the near future
author Kim Alvefur <zash@zash.se>
date Sun, 28 Feb 2016 18:24:12 +0100
parent 7209:92e5036bc55c
child 7211:117f4a627813
child 7212:167dbd29fbeb
comparison
equal deleted inserted replaced
7209:92e5036bc55c 7210:48149ecbb649
1241 print(" Certificate: "..ssl_config.certificate) 1241 print(" Certificate: "..ssl_config.certificate)
1242 local cert = load_cert(cert_fh:read"*a"); cert_fh = cert_fh:close(); 1242 local cert = load_cert(cert_fh:read"*a"); cert_fh = cert_fh:close();
1243 if not cert:validat(os.time()) then 1243 if not cert:validat(os.time()) then
1244 print(" Certificate has expired.") 1244 print(" Certificate has expired.")
1245 cert_ok = false 1245 cert_ok = false
1246 elseif not cert:validat(os.time() + 86400) then
1247 print(" Certificate expires within one day.")
1248 cert_ok = false
1249 elseif not cert:validat(os.time() + 86400*7) then
1250 print(" Certificate expires within one week.")
1251 elseif not cert:validat(os.time() + 86400*13) then
1252 print(" Certificate expires within one month.")
1246 end 1253 end
1247 if config.get(host, "component_module") == nil 1254 if config.get(host, "component_module") == nil
1248 and not x509_verify_identity(host, "_xmpp-client", cert) then 1255 and not x509_verify_identity(host, "_xmpp-client", cert) then
1249 print(" Not vaild for client connections to "..host..".") 1256 print(" Not vaild for client connections to "..host..".")
1250 cert_ok = false 1257 cert_ok = false