view mod_checkcerts/mod_checkcerts.lua @ 737:e4ea03b060ed

mod_archive: switch from/to The XEP-0136 is not very explicit about the meening of <from> and <to> elements, but the examples are clear: <from> means it comes from the user in the 'with' attribute of the collection. That is the opposite of what is currently implemented in that module. So for better compatibility with complient clients, this switch the 'from' and 'to' fields
author Olivier Goffart <ogoffart@woboq.com>
date Wed, 04 Jul 2012 14:08:43 +0200
parents ea9941812721
children 1983d4d51e1a
line wrap: on
line source

local ssl = require"ssl";
if not ssl.cert_from_pem then
	module:log("error", "This version of LuaSec (%s) doesn't support certificate checking", ssl._VERSION);
	return
end

local function check_certs_validity()
	local ssl_config = config.rawget(module.host, "core", "ssl");
	if not ssl_config then
		local base_host = module.host:match("%.(.*)");
		ssl_config = config.get(base_host, "core", "ssl");
	end

	if ssl.cert_from_pem and ssl_config.certificate then
		local certfile = ssl_config.certificate;
		local cert;
		local fh, err = io.open(certfile);
		cert = fh and fh:read"*a";
		cert = cert and ssl.cert_from_pem(cert);
		if not cert then return end
		fh:close();

		if not cert:valid_at(os.time()) then
			module:log("warn", "The certificate %s has expired", certfile);
		elseif not cert:valid_at(os.time()+86400*7) then
			module:log("warn", "The certificate %s will expire this week", certfile);
		elseif not cert:valid_at(os.time()+86400*30) then
			module:log("info", "The certificate %s will expire later this month", certfile);
		end
	end
end

module.load = check_certs_validity;
module:hook_global("config-reloaded", check_certs_validity);