|
1 |
|
2 assert(require"ssl.core".info, "Incompatible LuaSec version"); |
|
3 |
|
4 local function hook(event_name, typ, policy) |
|
5 if not policy then return end |
|
6 if policy == "FS" then |
|
7 policy = { key = "DH$" }; |
|
8 elseif type(policy) == "string" then |
|
9 policy = { cipher = policy }; |
|
10 end |
|
11 |
|
12 module:hook(event_name, function (event) |
|
13 local origin = event.origin; |
|
14 if origin.encrypted then |
|
15 local info = origin.conn:socket():info(); |
|
16 for key, what in pairs(policy) do |
|
17 module:log("debug", "Does info[%q] = %s match %s ?", key, tostring(info[key]), tostring(what)); |
|
18 if (type(what) == "number" and what < info[key] ) or (type(what) == "string" and not what:match(info[key])) then |
|
19 origin:close({ condition = "policy-violation", text = "Cipher not acceptable" }); |
|
20 return false; |
|
21 end |
|
22 module:log("debug", "Seems so"); |
|
23 end |
|
24 module:log("debug", "Policy matches"); |
|
25 end |
|
26 end, 1000); |
|
27 end |
|
28 |
|
29 local policy = module:get_option(module.name, {}); |
|
30 |
|
31 if type(policy) == "string" then |
|
32 policy = { c2s = policy, s2s = policy }; |
|
33 end |
|
34 |
|
35 hook("stream-features", "c2s", policy.c2s); |
|
36 hook("s2s-stream-features", "s2sin", policy.s2sin or policy.s2s); |
|
37 hook("stanza/http://etherx.jabber.org/streams:features", "s2sout", policy.s2sout or policy.s2s); |