mod_watchuntrusted/mod_watchuntrusted.lua
changeset 1679 116488cced16
parent 1188 5eaecb7f680d
child 1697 2328cbc41045
1678:7f4c64cfed09 1679:116488cced16
     6 
     6 
     7 local untrusted_fail_watchers = module:get_option_set("untrusted_fail_watchers", module:get_option("admins", {})) / jid_prep;
     7 local untrusted_fail_watchers = module:get_option_set("untrusted_fail_watchers", module:get_option("admins", {})) / jid_prep;
     8 local untrusted_fail_notification = module:get_option("untrusted_fail_notification", "Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors");
     8 local untrusted_fail_notification = module:get_option("untrusted_fail_notification", "Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors");
     9 
     9 
    10 local st = require "util.stanza";
    10 local st = require "util.stanza";
       
    11 
       
    12 local notified_about_already = { };
    11 
    13 
    12 module:hook_global("s2s-check-certificate", function (event)
    14 module:hook_global("s2s-check-certificate", function (event)
    13     local session, host = event.session, event.host;
    15     local session, host = event.session, event.host;
    14     local conn = session.conn:socket();
    16     local conn = session.conn:socket();
    15     local local_host = session.direction == "outgoing" and session.from_host or session.to_host;
    17     local local_host = session.direction == "outgoing" and session.from_host or session.to_host;
    23             must_secure = true;
    25             must_secure = true;
    24     elseif must_secure and insecure_domains[host] then
    26     elseif must_secure and insecure_domains[host] then
    25             must_secure = false;
    27             must_secure = false;
    26     end
    28     end
    27 
    29 
    28     if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
    30     if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") and not notified_about_already[host] then
       
    31 		notified_about_already[host] = os.time();
    29 		local _, errors = conn:getpeerverification();
    32 		local _, errors = conn:getpeerverification();
    30 		local error_message = "";
    33 		local error_message = "";
    31 
    34 
    32 		for depth, t in pairs(errors or {}) do
    35 		for depth, t in pairs(errors or {}) do
    33 			if #t > 0 then
    36 			if #t > 0 then
    52 			module:send(message);
    55 			module:send(message);
    53 		end
    56 		end
    54 	end
    57 	end
    55 end, -0.5);
    58 end, -0.5);
    56 
    59 
       
    60 module:add_timer(14400, function (now)
       
    61 	for host, time in pairs(notified_about_already) do
       
    62 		if time + 86400 > now then
       
    63 			notified_about_already[host] = nil;
       
    64 		end
       
    65 	end
       
    66 end)
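Review bot: The expiry test in the new timer callback is inverted: `if time + 86400 > now then` clears entries younger than a day and keeps older ones, so it should read `if time + 86400 < now then`. The callback also returns nothing, and as far as I know a Prosody timer only repeats when its callback returns the next delay, so add `return 14400;` before the closing `end)`. Without both changes the sweep would run once, four hours after load, and any host recorded afterwards stays suppressed until the module is reloaded, which silences exactly the alerts the watchers rely on. Separately, `notified_about_already` is keyed by `host` alone, so a peer that presents a different untrusted certificate inside the window produces no second notification. Keying on the host together with the certificate hash reported in the message would keep a certificate change visible.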