Software /
code /
prosody
File
plugins/mod_s2s_auth_certs.lua @ 12723:4cfd09343947
mod_storage_sql: Strip timestamp precision in queries to fix error (thanks muppeth)
Fixes
Error in SQL transaction: Error executing statement parameters: ERROR: invalid input syntax for integer
This was handled for INSERT in 9524bb7f3944 but not SELECT.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 07 Sep 2022 12:27:12 +0200 |
parent | 12480:7e9ebdc75ce4 |
child | 12808:12bd40b8e105 |
line wrap: on
line source
module:set_global(); local cert_verify_identity = require "util.x509".verify_identity; local NULL = {}; local log = module._log; local measure_cert_statuses = module:metric("counter", "checked", "", "Certificate validation results", { "chain"; "identity" }) module:hook("s2s-check-certificate", function(event) local session, host, cert = event.session, event.host, event.cert; local conn = session.conn; local log = session.log or log; if not cert then log("warn", "No certificate provided by %s", host or "unknown host"); return; end local chain_valid, errors; if conn.ssl_peerverification then chain_valid, errors = conn:ssl_peerverification(); else chain_valid, errors = false, { { "Chain verification not supported by this version of LuaSec" } }; end -- Is there any interest in printing out all/the number of errors here? if not chain_valid then log("debug", "certificate chain validation result: invalid"); for depth, t in pairs(errors or NULL) do log("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", ")) end session.cert_chain_status = "invalid"; session.cert_chain_errors = errors; else log("debug", "certificate chain validation result: valid"); session.cert_chain_status = "valid"; -- We'll go ahead and verify the asserted identity if the -- connecting server specified one. if host then if cert_verify_identity(host, "xmpp-server", cert) then session.cert_identity_status = "valid" else session.cert_identity_status = "invalid" end log("debug", "certificate identity validation result: %s", session.cert_identity_status); end end measure_cert_statuses:with_labels(session.cert_chain_status or "unknown", session.cert_identity_status or "unknown"):add(1); end, 509);