mod_log_ringbuffer: Detach event handlers on logging reload (thanks Menel)
Otherwise the global event handlers accumulate, one added each time
logging is reloaded, and each invocation of the signal or event triggers
one dump of each created ringbuffer.
-- Copyright (C) 2013-2014 Kim Alvefur
-- This file is MIT/X11 licensed.
-- Load this module once for the whole server rather than once per host.
module:set_global();

-- Digest algorithm used to fingerprint peer certificates, read from the
-- "<module name>_digest" option and defaulting to "sha1".
-- NOTE(review): SHA-1 is a weak default for certificate pinning. Every entry in
-- s2s_trusted_fingerprints must be produced with the algorithm configured here,
-- so switching to a stronger digest (e.g. "sha256", if the TLS library in use
-- supports it) means regenerating the pinned values as well.
local digest_option = module:get_name().."_digest";
local digest_algo = module:get_option_string(digest_option, "sha1");

-- Lookup table: host name -> set of normalised trusted fingerprints.
local fingerprints = {};
--- Normalise a configured fingerprint for use as a lookup key.
-- The value is converted to a string, every ":" separator is removed and the
-- result is lowercased, so "AB:CD" and "abcd" map to the same key.
-- @param h configured fingerprint (any value; passed through tostring)
-- @treturn string the normalised fingerprint
local function hashprep(h)
	-- Assigning to a single local discards gsub's second result (the match count).
	local without_colons = string.gsub(tostring(h), ":", "");
	return string.lower(without_colons);
end
--- Format a hex digest for log output.
-- A ":" is inserted after every two characters except the last pair, and the
-- result is uppercased ("abcdef" -> "AB:CD:EF").
-- The argument must be a string: passing nil raises an error, so callers have
-- to check that a digest exists before formatting it.
-- @tparam string h hex digest
-- @treturn string the formatted digest
local function hashfmt(h)
	-- One separator fewer than the number of character pairs.
	local separators = #h/2-1;
	local with_colons = h:gsub("..", "%0:", separators);
	return with_colons:upper();
end
-- Build the host -> fingerprint-set lookup from the "s2s_trusted_fingerprints"
-- option. Each host maps either to a list of fingerprints or to a single
-- fingerprint; every value is normalised with hashprep before being stored.
-- NOTE(review): the stored keys are lowercase hex without colons, which
-- presumably matches what cert:digest() returns; confirm against the TLS library.
for host, set in pairs(module:get_option("s2s_trusted_fingerprints", {})) do
	local trusted = {};
	if type(set) ~= "table" then
		-- Anything that is not a table is treated as a single fingerprint.
		trusted[hashprep(set)] = true;
	else
		-- A table is treated as a list of fingerprints.
		for idx = 1, #set do
			trusted[hashprep(set[idx])] = true;
		end
	end
	fingerprints[host] = trusted;
end
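-- Certificate check for server-to-server sessions, based on pinned fingerprints.
-- For a host listed in s2s_trusted_fingerprints, the peer certificate's digest
-- is compared with the pinned set:
--   * match    -> both status fields are set to "valid" and the handler returns true;
--   * mismatch -> both status fields are set to "invalid";
--   * no certificate, or no digest could be computed -> also "invalid" (fail closed).
-- Hosts without pinned fingerprints are left untouched.
module:hook("s2s-check-certificate", function(event)
	local session, host, cert = event.session, event.host, event.cert;
	local host_fingerprints = fingerprints[host];
	if not host_fingerprints then
		-- No fingerprints pinned for this host: do not change the session.
		return;
	end

	local digest = cert and cert:digest(digest_algo);
	if not digest then
		-- The peer sent no certificate, or no digest could be computed. Previously
		-- this path reached hashfmt(nil) and raised an error before the session
		-- was marked; mark it invalid explicitly instead.
		module:log("warn", "'%s' has no certificate or no %s fingerprint could be computed", host, digest_algo:upper());
		session.cert_chain_status = "invalid";
		session.cert_identity_status = "invalid";
		return;
	end

	if host_fingerprints[digest] then
		-- A pinned fingerprint matched: the fingerprint alone marks both the
		-- chain and the identity as valid.
		module:log("info", "'%s' matched %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest));
		session.cert_chain_status = "valid";
		session.cert_identity_status = "valid";
		return true;
	end

	-- NOTE(review): this path returns no value, so other handlers of this event
	-- may still run; confirm none of them can reset the status to "valid" for a
	-- host whose pinned fingerprint did not match.
	module:log("warn", "'%s' has unknown %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest));
	session.cert_chain_status = "invalid";
	session.cert_identity_status = "invalid";
end);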