prosody
a405884c62f4
plugins/mod_s2s_auth_certs.lua
Software / code / prosody
Comparison
plugins/mod_s2s_auth_certs.lua @ 11835:a405884c62f4
mod_s2s_auth_certs: Collect stats on validation results (for #975)
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 05 Oct 2021 16:30:41 +0200 |
| parent | 10454:6c3fccb75b38 |
| child | 12480:7e9ebdc75ce4 |
comparison
equal
deleted
inserted
replaced
| 11834:f54d9abc4e14 | 11835:a405884c62f4 |
|---|---|
| 1 module:set_global(); | 1 module:set_global(); |
| 2 | 2 |
| 3 local cert_verify_identity = require "util.x509".verify_identity; | 3 local cert_verify_identity = require "util.x509".verify_identity; |
| 4 local NULL = {}; | 4 local NULL = {}; |
| 5 local log = module._log; | 5 local log = module._log; |
| 6 | |
| 7 local measure_cert_statuses = module:metric("counter", "checked", "", "Certificate validation results", | |
| 8 { "chain"; "identity" }) | |
| 6 | 9 |
| 7 module:hook("s2s-check-certificate", function(event) | 10 module:hook("s2s-check-certificate", function(event) |
| 8 local session, host, cert = event.session, event.host, event.cert; | 11 local session, host, cert = event.session, event.host, event.cert; |
| 9 local conn = session.conn:socket(); | 12 local conn = session.conn:socket(); |
| 10 local log = session.log or log; | 13 local log = session.log or log; |
| 41 session.cert_identity_status = "invalid" | 44 session.cert_identity_status = "invalid" |
| 42 end | 45 end |
| 43 log("debug", "certificate identity validation result: %s", session.cert_identity_status); | 46 log("debug", "certificate identity validation result: %s", session.cert_identity_status); |
| 44 end | 47 end |
| 45 end | 48 end |
| 49 measure_cert_statuses:with_labels(session.cert_chain_status or "unknown", session.cert_identity_status or "unknown"):add(1); | |
| 46 end, 509); | 50 end, 509); |
| 47 | 51 |
