mod_client_certs/mod_client_certs.lua
changeset 1096 1abb8f2a5761
parent 990 17ba2c59d661
child 1343 7dbde05b48a9
1095:cb21928bca1d 1096:1abb8f2a5761
    41 	module:log("debug", "This certificate is already expired.");
    41 	module:log("debug", "This certificate is already expired.");
    42 	return nil, "This certificate is expired.";
    42 	return nil, "This certificate is expired.";
    43 	end
    43 	end
    44 	--]]
    44 	--]]
    45 
    45 
    46 	if not cert:valid_at(os.time()) then
    46 	if not cert:validat(os.time()) then
    47 		module:log("debug", "This certificate is not valid at this moment.");
    47 		module:log("debug", "This certificate is not valid at this moment.");
    48 	end
    48 	end
    49 
    49 
    50 	local valid_id_on_xmppAddrs;
    50 	local valid_id_on_xmppAddrs;
    51 	local require_id_on_xmppAddr = true;
    51 	local require_id_on_xmppAddr = true;
   142 		end
   142 		end
   143 		
   143 		
   144 		local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil;
   144 		local can_manage = append:get_child("no-cert-management", xmlns_saslcert) ~= nil;
   145 		x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1");
   145 		x509cert = x509cert:gsub("^%s*(.-)%s*$", "%1");
   146 
   146 
   147 		local cert = x509.cert_from_pem(
   147 		local cert = x509.load(
   148 		"-----BEGIN CERTIFICATE-----\n"
   148 		"-----BEGIN CERTIFICATE-----\n"
   149 		.. x509cert ..
   149 		.. x509cert ..
   150 		"\n-----END CERTIFICATE-----\n");
   150 		"\n-----END CERTIFICATE-----\n");
   151 
   151 
   152 
   152 
   300 		end
   300 		end
   301 
   301 
   302 		local name = fields.name;
   302 		local name = fields.name;
   303 		local x509cert = fields.cert:gsub("^%s*(.-)%s*$", "%1");
   303 		local x509cert = fields.cert:gsub("^%s*(.-)%s*$", "%1");
   304 
   304 
   305 		local cert = x509.cert_from_pem(
   305 		local cert = x509.load(
   306 		"-----BEGIN CERTIFICATE-----\n"
   306 		"-----BEGIN CERTIFICATE-----\n"
   307 		.. x509cert ..
   307 		.. x509cert ..
   308 		"\n-----END CERTIFICATE-----\n");
   308 		"\n-----END CERTIFICATE-----\n");
   309 
   309 
   310 		if not cert then
   310 		if not cert then
   353 		if not cert then
   353 		if not cert then
   354 			module:log("error", "No Client Certificate");
   354 			module:log("error", "No Client Certificate");
   355 			return
   355 			return
   356 		end
   356 		end
   357 		module:log("info", "Client Certificate: %s", cert:digest(digest_algo));
   357 		module:log("info", "Client Certificate: %s", cert:digest(digest_algo));
   358 		if not cert:valid_at(now()) then
   358 		if not cert:validat(now()) then
   359 			module:log("debug", "Client has an expired certificate", cert:digest(digest_algo));
   359 			module:log("debug", "Client has an expired certificate", cert:digest(digest_algo));
   360 			return
   360 			return
   361 		end
   361 		end
   362 		module:log("debug", "Stream features:\n%s", tostring(features));
   362 		module:log("debug", "Stream features:\n%s", tostring(features));
   363 		local mechs = features:get_child("mechanisms", "urn:ietf:params:xml:ns:xmpp-sasl");
   363 		local mechs = features:get_child("mechanisms", "urn:ietf:params:xml:ns:xmpp-sasl");
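Review bot: The validity check at new line 46 only logs when `cert:validat(os.time())` fails and then falls through, and the earlier expiry `return nil, ...` sits inside a block comment that closes at line 44, so as far as the visible lines show, an expired or not-yet-valid certificate is still accepted at this point. If rejection is intended, add `return nil, "This certificate is not valid at this moment.";` after the log call; if accepting such certificates here is deliberate, a comment naming the login-time check at line 358 as the enforcing one would help. At line 359 the log format has no `%s`, so the digest argument is dropped, and the message says "expired" although `validat` also fails for a certificate that is not yet valid; `module:log("debug", "Client certificate %s is not valid at this time", cert:digest(digest_algo));` would cover both. The enclosing functions start and end outside the context shown.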