
core/certmanager.lua @ 13116:58e793288d9c

net.tls_luasec: Expose method for loading a certificate

Further isolates LuaSec from Prosody core, with the ultimate goal of allowing LuaSec to be replaced more easily.
author Kim Alvefur <zash@zash.se>
date Sat, 27 May 2023 15:40:49 +0200
parent 13115:749376d75b40
child 13179:1b1ed555f307
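--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -4,11 +4,10 @@
 --
 -- This project is MIT/X11 licensed. Please see the
 -- COPYING file in the source package for more information.
 --
 
-local ssl = require "ssl";
 local configmanager = require "prosody.core.configmanager";
 local log = require "prosody.util.logger".init("certmanager");
 local new_config = require"prosody.net.server".tls_builder;
 local tls = require "prosody.net.tls_luasec";
 local stat = require "lfs".attributes;
@@ -96,11 +95,11 @@
 if f then
 -- TODO look for chained certificates
 local firstline = f:read();
 if firstline == "-----BEGIN CERTIFICATE-----" and lfs.attributes(find_matching_key(full), "mode") == "file" then
 f:seek("set")
-local cert = ssl.loadcertificate(f:read("*a"))
+local cert = tls.load_certificate(f:read("*a"))
 -- TODO if more than one cert is found for a name, the most recently
 -- issued one should be used.
 -- for now, just filter out expired certs
 -- TODO also check if there's a corresponding key
 if cert:validat(now()) then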
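Review bot: The value returned by `tls.load_certificate(f:read("*a"))` on new line 100 is dereferenced by `cert:validat(now())` on new line 105 without a nil check. The wrapper's return contract is not visible on this page, but if it keeps LuaSec's convention of returning nil plus an error message for PEM it cannot parse, a file whose first line is the BEGIN CERTIFICATE marker but whose body is truncated or corrupt would raise an error in the middle of the certificate scan instead of being skipped. Capturing both results with `local cert, err = tls.load_certificate(f:read("*a"))` and guarding with `if not cert then log("debug", "Skipping unparsable certificate %s: %s", full, err) elseif cert:validat(now()) then` would keep one bad file from blocking the others. Now that the call crosses a module boundary, a short comment on the new wrapper stating what it returns on failure would also help whoever later swaps out LuaSec. The enclosing function starts and ends outside this hunk, so the guard has to be fitted to the surrounding block structure.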