Mercurial > prosody-hg
comparison plugins/mod_admin_telnet.lua @ 4328:c71777a8b9c7
mod_admin_telnet: Update to newer luasec.
Matthew is responsible for figuring out a nice way to print out the whole chain O:)
| author | Paul Aurich <paul@darkrain42.org> |
|---|---|
| date | Mon, 06 Dec 2010 21:46:36 -0800 |
| parents | eff0c5fe9119 |
| children | ae48e0abc233 ddce5b1bdfca |
comparison
equal
deleted
inserted
replaced
| 4327:98ae0d0b4d07 | 4328:c71777a8b9c7 |
|---|---|
| 571 ) | 571 ) |
| 572 ); | 572 ); |
| 573 end | 573 end |
| 574 end | 574 end |
| 575 | 575 |
| 576 -- As much as it pains me to use the 0-based depths that OpenSSL does, | |
| 577 -- I think there's going to be more confusion among operators if we | |
| 578 -- break from that. | |
| 579 local function print_errors(print, errors) | |
| 580 for depth, t in ipairs(errors) do | |
| 581 print( | |
| 582 (" %d: %s"):format( | |
| 583 depth-1, | |
| 584 table.concat(t, "\n| ") | |
| 585 ) | |
| 586 ); | |
| 587 end | |
| 588 end | |
| 589 | |
| 576 function def_env.s2s:showcert(domain) | 590 function def_env.s2s:showcert(domain) |
| 577 local ser = require "util.serialization".serialize; | 591 local ser = require "util.serialization".serialize; |
| 578 local print = self.session.print; | 592 local print = self.session.print; |
| 579 local domain_sessions = set.new(array.collect(keys(incoming_s2s))) | 593 local domain_sessions = set.new(array.collect(keys(incoming_s2s))) |
| 580 /function(session) return session.from_host == domain; end; | 594 /function(session) return session.from_host == domain; end; |
| 586 end | 600 end |
| 587 local cert_set = {}; | 601 local cert_set = {}; |
| 588 for session in domain_sessions do | 602 for session in domain_sessions do |
| 589 local conn = session.conn; | 603 local conn = session.conn; |
| 590 conn = conn and conn:socket(); | 604 conn = conn and conn:socket(); |
| 591 if not conn.getpeercertificate then | 605 if not conn.getpeerchain then |
| 592 if conn.dohandshake then | 606 if conn.dohandshake then |
| 593 error("This version of LuaSec does not support certificate viewing"); | 607 error("This version of LuaSec does not support certificate viewing"); |
| 594 end | 608 end |
| 595 else | 609 else |
| 596 local cert = conn:getpeercertificate(); | 610 local certs = conn:getpeerchain(); |
| 611 local cert = certs[1]; | |
| 597 if cert then | 612 if cert then |
| 598 local digest = cert:digest("sha1"); | 613 local digest = cert:digest("sha1"); |
| 599 if not cert_set[digest] then | 614 if not cert_set[digest] then |
| 600 local chain_valid, chain_err = conn:getpeerchainvalid(); | 615 local chain_valid, chain_errors = conn:getpeerverification(); |
| 601 cert_set[digest] = { | 616 cert_set[digest] = { |
| 602 { | 617 { |
| 603 from = session.from_host, | 618 from = session.from_host, |
| 604 to = session.to_host, | 619 to = session.to_host, |
| 605 direction = session.direction | 620 direction = session.direction |
| 606 }; | 621 }; |
| 607 chain_valid = chain_valid; | 622 chain_valid = chain_valid; |
| 608 chain_err = chain_err; | 623 chain_errors = chain_errors; |
| 609 cert = cert; | 624 certs = certs; |
| 610 }; | 625 }; |
| 611 else | 626 else |
| 612 table.insert(cert_set[digest], { | 627 table.insert(cert_set[digest], { |
| 613 from = session.from_host, | 628 from = session.from_host, |
| 614 to = session.to_host, | 629 to = session.to_host, |
| 633 local function pretty_fingerprint(hash) | 648 local function pretty_fingerprint(hash) |
| 634 return hash:gsub("..", _capitalize_and_colon):sub(1, -2); | 649 return hash:gsub("..", _capitalize_and_colon):sub(1, -2); |
| 635 end | 650 end |
| 636 | 651 |
| 637 for cert_info in values(domain_certs) do | 652 for cert_info in values(domain_certs) do |
| 638 local cert = cert_info.cert; | 653 local certs = cert_info.certs; |
| 654 local cert = certs[1]; | |
| 639 print("---") | 655 print("---") |
| 640 print("Fingerprint (SHA1): "..pretty_fingerprint(cert:digest("sha1"))); | 656 print("Fingerprint (SHA1): "..pretty_fingerprint(cert:digest("sha1"))); |
| 641 print(""); | 657 print(""); |
| 642 local n_streams = #cert_info; | 658 local n_streams = #cert_info; |
| 643 print("Currently used on "..n_streams.." stream"..(n_streams==1 and "" or "s")..":"); | 659 print("Currently used on "..n_streams.." stream"..(n_streams==1 and "" or "s")..":"); |
| 647 else | 663 else |
| 648 print(" "..stream.from.." -> "..stream.to); | 664 print(" "..stream.from.." -> "..stream.to); |
| 649 end | 665 end |
| 650 end | 666 end |
| 651 print(""); | 667 print(""); |
| 652 local chain_valid, err = cert_info.chain_valid, cert_info.chain_err; | 668 local chain_valid, errors = cert_info.chain_valid, cert_info.chain_errors; |
| 653 local valid_identity = cert_verify_identity(domain, "xmpp-server", cert); | 669 local valid_identity = cert_verify_identity(domain, "xmpp-server", cert); |
| 654 print("Trusted certificate: "..(chain_valid and "Yes" or ("No ("..err..")"))); | 670 if chain_valid then |
| 671 print("Trusted certificate: Yes"); | |
| 672 else | |
| 673 print("Trusted certificate: No"); | |
| 674 print_errors(print, errors); | |
| 675 end | |
| 676 print(""); | |
| 655 print("Issuer: "); | 677 print("Issuer: "); |
| 656 print_subject(print, cert:issuer()); | 678 print_subject(print, cert:issuer()); |
| 657 print(""); | 679 print(""); |
| 658 print("Valid for "..domain..": "..(valid_identity and "Yes" or "No")); | 680 print("Valid for "..domain..": "..(valid_identity and "Yes" or "No")); |
| 659 print("Subject:"); | 681 print("Subject:"); |
