6 |
6 |
7 local untrusted_fail_watchers = module:get_option_set("untrusted_fail_watchers", module:get_option("admins", {})) / jid_prep; |
7 local untrusted_fail_watchers = module:get_option_set("untrusted_fail_watchers", module:get_option("admins", {})) / jid_prep; |
8 local untrusted_fail_notification = module:get_option("untrusted_fail_notification", "Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors"); |
8 local untrusted_fail_notification = module:get_option("untrusted_fail_notification", "Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors"); |
9 |
9 |
10 local st = require "util.stanza"; |
10 local st = require "util.stanza"; |
|
11 |
|
12 local notified_about_already = { }; |
11 |
13 |
12 module:hook_global("s2s-check-certificate", function (event) |
14 module:hook_global("s2s-check-certificate", function (event) |
13 local session, host = event.session, event.host; |
15 local session, host = event.session, event.host; |
14 local conn = session.conn:socket(); |
16 local conn = session.conn:socket(); |
15 local local_host = session.direction == "outgoing" and session.from_host or session.to_host; |
17 local local_host = session.direction == "outgoing" and session.from_host or session.to_host; |
23 must_secure = true; |
25 must_secure = true; |
24 elseif must_secure and insecure_domains[host] then |
26 elseif must_secure and insecure_domains[host] then |
25 must_secure = false; |
27 must_secure = false; |
26 end |
28 end |
27 |
29 |
28 if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then |
30 if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") and not notified_about_already[host] then |
|
31 notified_about_already[host] = os.time(); |
29 local _, errors = conn:getpeerverification(); |
32 local _, errors = conn:getpeerverification(); |
30 local error_message = ""; |
33 local error_message = ""; |
31 |
34 |
32 for depth, t in pairs(errors or {}) do |
35 for depth, t in pairs(errors or {}) do |
33 if #t > 0 then |
36 if #t > 0 then |
52 module:send(message); |
55 module:send(message); |
53 end |
56 end |
54 end |
57 end |
55 end, -0.5); |
58 end, -0.5); |
56 |
59 |
|
60 module:add_timer(14400, function (now) |
|
61 for host, time in pairs(notified_about_already) do |
|
62 if time + 86400 > now then |
|
63 notified_about_already[host] = nil; |
|
64 end |
|
65 end |
|
66 end) |
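Review bot: The expiry test in the new timer callback, `if time + 86400 > now then`, is true for entries younger than a day, so the sweep drops every recent entry rather than the stale ones; `if time + 86400 < now then` matches the apparent intent of at most one notification per host per day. The callback also returns nothing, and as far as I know a Prosody timer only repeats when its callback returns the next delay, so without a trailing `return 14400;` the sweep would run once and `notified_about_already` would then gain one key per remote domain that fails verification, with nothing ever removing them. Because the new `and not notified_about_already[host]` guard keys on `host` alone, a later failure from the same domain presenting a different certificate is also hidden from the watchers; keying on the host together with the certificate hash would keep that signal. The part of the hook between the `#t > 0` loop and `module:send(message)` is not shown, so this assumes nothing there touches the table.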