Mercurial Mercurial > prosody > prosody-modules / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua
changeset 1325 b21236b6b8d8
parent 1324 853a382c9bd6
child 1593 3e4d15ae2133
child 2428 27ffa6521d4e 
--- a/mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua	Fri Feb 28 15:36:06 2014 +0100
+++ b/mod_s2s_keysize_policy/mod_s2s_keysize_policy.lua	Fri Feb 28 15:37:55 2014 +0100
@@ -26,9 +26,9 @@
 	if cert and cert.pubkey then
 		local _, key_type, key_size = cert:pubkey();
 		if key_size < ( weak_key_size[key_type] or 0 ) then
-			local expires = parse_x509_datetime(cert:notafter());
-			if expires > weak_key_cutoff then
-				session.log("error", "%s has a %s-bit %s key valid after 31 December 2013, invalidating trust!", host, key_size, key_type);
+			local issued = parse_x509_datetime(cert:notbefore());
+			if issued > weak_key_cutoff then
+				session.log("error", "%s has a %s-bit %s key issued after 31 December 2013, invalidating trust!", host, key_size, key_type);
 				session.cert_chain_status = "invalid";
 				session.cert_identity_status = "invalid";
 			else
prosody-modules