prosody-modules: comparison mod_s2s_keysize_policy/mod_s2s_keysize

equal deleted inserted replaced

-:47fb4f36dacd
+:3e4d15ae2133
 module:hook("s2s-check-certificate", function(event)
 	local host, session, cert = event.host, event.session, event.cert;
 	if cert and cert.pubkey then
 		local _, key_type, key_size = cert:pubkey();
 		if key_size < ( weak_key_size[key_type] or 0 ) then
-			local issued = parse_x509_datetime(cert:notbefore());
+			local expires = parse_x509_datetime(cert:notafter());
-			if issued > weak_key_cutoff then
+			if expires > weak_key_cutoff then
-				session.log("error", "%s has a %s-bit %s key issued after 31 December 2013, invalidating trust!", host, key_size, key_type);
+				session.log("error", "%s has a %s-bit %s key valid after 31 December 2013, invalidating trust!", host, key_size, key_type);
 				session.cert_chain_status = "invalid";
 				session.cert_identity_status = "invalid";
 			else
 				session.log("warn", "%s has a %s-bit %s key", host, key_size, key_type);
 			end

changeset 1593	3e4d15ae2133
parent 1325	b21236b6b8d8