prosody
071715a18394
plugins/mod_s2s_auth_certs.lua
Software / code / prosody
File
plugins/mod_s2s_auth_certs.lua @ 11769:071715a18394
mod_pubsub: Move reversal of item order in <items>
Examples in XEP-0060 suggest that items should be listed in
chronological order, but we get them from the archive in reverse
order.
However when requesting specific items by id the results keep that
order and we don't want to flip it again.
At some point it would likely be best to use the archive API directly
instead of this util.cache-compatible wrapper.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 05 Sep 2021 18:42:44 +0200 |
| parent | 10454:6c3fccb75b38 |
| child | 11835:a405884c62f4 |
line wrap: on
line source
module:set_global(); local cert_verify_identity = require "util.x509".verify_identity; local NULL = {}; local log = module._log; module:hook("s2s-check-certificate", function(event) local session, host, cert = event.session, event.host, event.cert; local conn = session.conn:socket(); local log = session.log or log; if not cert then log("warn", "No certificate provided by %s", host or "unknown host"); return; end local chain_valid, errors; if conn.getpeerverification then chain_valid, errors = conn:getpeerverification(); else chain_valid, errors = false, { { "Chain verification not supported by this version of LuaSec" } }; end -- Is there any interest in printing out all/the number of errors here? if not chain_valid then log("debug", "certificate chain validation result: invalid"); for depth, t in pairs(errors or NULL) do log("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", ")) end session.cert_chain_status = "invalid"; session.cert_chain_errors = errors; else log("debug", "certificate chain validation result: valid"); session.cert_chain_status = "valid"; -- We'll go ahead and verify the asserted identity if the -- connecting server specified one. if host then if cert_verify_identity(host, "xmpp-server", cert) then session.cert_identity_status = "valid" else session.cert_identity_status = "invalid" end log("debug", "certificate identity validation result: %s", session.cert_identity_status); end end end, 509);
