plugins/mod_admin_telnet.lua @ 4328:c71777a8b9c7
mod_admin_telnet: Update to newer luasec.
Matthew is responsible for figuring out a nice way to print out the whole chain O:)
author | Paul Aurich <paul@darkrain42.org> |
---|---|
date | Mon, 06 Dec 2010 21:46:36 -0800 |
parent | 3899:eff0c5fe9119 |
child | 4514:ae48e0abc233 |
child | 4540:ddce5b1bdfca |
--- a/plugins/mod_admin_telnet.lua Tue Jun 28 17:00:50 2011 +0100 +++ b/plugins/mod_admin_telnet.lua Mon Dec 06 21:46:36 2010 -0800 @@ -573,6 +573,20 @@ end end +-- As much as it pains me to use the 0-based depths that OpenSSL does, +-- I think there's going to be more confusion among operators if we +-- break from that. +local function print_errors(print, errors) + for depth, t in ipairs(errors) do + print( + (" %d: %s"):format( + depth-1, + table.concat(t, "\n| ") + ) + ); + end +end + function def_env.s2s:showcert(domain) local ser = require "util.serialization".serialize; local print = self.session.print; @@ -588,16 +602,17 @@ for session in domain_sessions do local conn = session.conn; conn = conn and conn:socket(); - if not conn.getpeercertificate then + if not conn.getpeerchain then if conn.dohandshake then error("This version of LuaSec does not support certificate viewing"); end else - local cert = conn:getpeercertificate(); + local certs = conn:getpeerchain(); + local cert = certs[1]; if cert then local digest = cert:digest("sha1"); if not cert_set[digest] then - local chain_valid, chain_err = conn:getpeerchainvalid(); + local chain_valid, chain_errors = conn:getpeerverification(); cert_set[digest] = { { from = session.from_host, @@ -605,8 +620,8 @@ direction = session.direction }; chain_valid = chain_valid; - chain_err = chain_err; - cert = cert; + chain_errors = chain_errors; + certs = certs; }; else table.insert(cert_set[digest], { @@ -635,7 +650,8 @@ end for cert_info in values(domain_certs) do - local cert = cert_info.cert; + local certs = cert_info.certs; + local cert = certs[1]; print("---") print("Fingerprint (SHA1): "..pretty_fingerprint(cert:digest("sha1"))); print(""); 
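Review bot: In `print_errors` (the `-573,6 +573,20` hunk), `ipairs(errors)` stops at the first missing index, so if the verification errors are keyed by chain depth and some depth has no entry, every error at a deeper position is silently dropped and the operator sees an incomplete reason for an untrusted certificate. The shape of the table returned by `getpeerverification()` is not visible on this page, so this needs confirming; if gaps are possible, iterate with `for depth, t in pairs(errors) do` and sort the depths if output order matters. The comment above the function could also state that `errors[depth+1]` is expected to be a list of message strings, since `table.concat(t, ...)` depends on it.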
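Review bot: In the `-588,16 +602,17` hunk, `local cert = certs[1];` indexes the result of `conn:getpeerchain()` before the `if cert then` check, so a session whose peer presented no certificate would raise here if `getpeerchain()` returns nil rather than an empty table. The removed `getpeercertificate()` path tolerated a nil result. Whether nil is possible is not shown here, but the guard is cheap: `local cert = certs and certs[1];`. The enclosing `showcert` session loop starts and ends outside the hunk.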
@@ -649,9 +665,15 @@ end end print(""); - local chain_valid, err = cert_info.chain_valid, cert_info.chain_err; + local chain_valid, errors = cert_info.chain_valid, cert_info.chain_errors; local valid_identity = cert_verify_identity(domain, "xmpp-server", cert); - print("Trusted certificate: "..(chain_valid and "Yes" or ("No ("..err..")"))); + if chain_valid then + print("Trusted certificate: Yes"); + else + print("Trusted certificate: No"); + print_errors(print, errors); + end + print(""); print("Issuer: "); print_subject(print, cert:issuer()); print("");
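Review bot: The new `else` branch calls `print_errors(print, errors)` without checking that `cert_info.chain_errors` is a table. If verification fails without a per-depth error table (nil, or a plain message string as the removed `"No ("..err..")"` code assumed), `ipairs` raises and the rest of the certificate report, including the identity check result, is never shown to the operator. A guard keeps the report intact: `if type(errors) == "table" then print_errors(print, errors); elseif errors then print("  "..tostring(errors)); end`. The surrounding loop body continues outside the hunk.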