Software /
code /
prosody
File
plugins/mod_s2s_auth_certs.lua @ 10399:270cb2821566
mod_ping: Remove ad-hoc command
17:27:40 <Ge0rG> Zash: the Ping thing is absolutely worthless
17:27:55 <Zash> The command provided by mod_ping?
17:27:59 <pep.> To own server?
17:28:14 <Ge0rG> the Ping command in mod_admin_web, whatever it maps to
17:28:29 <Ge0rG> > Pong
> 2019-11-07T16:28:16Z
What am I supposed to do with that result?
17:28:29 <Zash> Yeah, mod_ping provides that
17:28:41 <Ge0rG> Is it a ping to my own server? Where's the RTT?
17:28:48 <Zash> Dunno if it's useful for more than verifying that the adhoc command system works
17:29:02 <Ge0rG> (it lags, but there is no indication of how much)
17:29:14 <Zash> It can't really test that itself
17:29:52 <Zash> Anyone opposed to deleting it?
17:30:42 <Zash> Half the module
17:42:47 <MattJ> Zash, I'm fine with removing it
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 07 Nov 2019 19:23:42 +0100 |
parent | 10226:77f900bbbf25 |
child | 10454:6c3fccb75b38 |
line wrap: on
line source
module:set_global(); local cert_verify_identity = require "util.x509".verify_identity; local NULL = {}; local log = module._log; module:hook("s2s-check-certificate", function(event) local session, host, cert = event.session, event.host, event.cert; local conn = session.conn:socket(); local log = session.log or log; if not cert then log("warn", "No certificate provided by %s", host or "unknown host"); return; end local chain_valid, errors; if conn.getpeerverification then chain_valid, errors = conn:getpeerverification(); else chain_valid, errors = false, { { "Chain verification not supported by this version of LuaSec" } }; end -- Is there any interest in printing out all/the number of errors here? if not chain_valid then log("debug", "certificate chain validation result: invalid"); for depth, t in pairs(errors or NULL) do log("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", ")) end session.cert_chain_status = "invalid"; else log("debug", "certificate chain validation result: valid"); session.cert_chain_status = "valid"; -- We'll go ahead and verify the asserted identity if the -- connecting server specified one. if host then if cert_verify_identity(host, "xmpp-server", cert) then session.cert_identity_status = "valid" else session.cert_identity_status = "invalid" end log("debug", "certificate identity validation result: %s", session.cert_identity_status); end end end, 509);