--- a/mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua Sat Apr 05 13:40:13 2014 +0200
+++ b/mod_s2s_auth_fingerprint/mod_s2s_auth_fingerprint.lua Sat Apr 05 13:41:12 2014 +0200
@@ -8,7 +8,11 @@
local fingerprints = {};
local function hashprep(h)
- return tostring(h):lower():gsub(":","");
+ return tostring(h):gsub(":",""):lower();
+end
+
+local function hashfmt(h)
+ return h:gsub("..",":%0"):sub(2):upper();
end
for host, set in pairs(module:get_option("s2s_trusted_fingerprints", {})) do
@@ -30,10 +34,12 @@
if host_fingerprints then
local digest = cert and cert:digest(digest_algo);
if host_fingerprints[digest] then
+ module:log("info", "'%s' matched %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest));
session.cert_chain_status = "valid";
session.cert_identity_status = "valid";
return true;
else
+ module:log("warn", "'%s' has unknown %s fingerprint %s", host, digest_algo:upper(), hashfmt(digest));
session.cert_chain_status = "invalid";
session.cert_identity_status = "invalid";
end
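Review bot: The new warn line in the else branch calls `hashfmt(digest)`, but `digest` is nil whenever `cert` is nil (`cert and cert:digest(digest_algo)`), and `hashfmt` from the first hunk indexes its argument with `h:gsub`, so a peer that presents no certificate raises an error at this log call. The error is thrown before the two `session.cert_*_status = "invalid"` assignments, so on that path the session is presumably left without the invalid marking; how the caller treats that state is not visible here and should be confirmed. Passing a safe value such as `digest and hashfmt(digest) or "(no certificate)"`, or moving the log call below the status assignments, keeps the rejection path intact. The enclosing handler starts and ends outside the hunk.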