mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-04 13:47:41 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge 0.10->trunk

Browse source
This commit is contained in:
Kim Alvefur 2016-02-28 18:25:16 +01:00
commit 14c13de583
1 changed files with 16 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

25
prosodyctl
View file

@ -1197,6 +1197,7 @@ function commands.check(arg)
local cert_ok; local cert_ok;
print"Checking certificates..." print"Checking certificates..."
local x509_verify_identity = require"util.x509".verify_identity; local x509_verify_identity = require"util.x509".verify_identity;
local create_context = require "core.certmanager".create_context;
local ssl = dependencies.softreq"ssl"; local ssl = dependencies.softreq"ssl";
-- local datetime_parse = require"util.datetime".parse_x509; -- local datetime_parse = require"util.datetime".parse_x509;
local load_cert = ssl and ssl.loadcertificate; local load_cert = ssl and ssl.loadcertificate;
@ -1211,19 +1212,18 @@ function commands.check(arg)
for host in enabled_hosts() do for host in enabled_hosts() do
print("Checking certificate for "..host); print("Checking certificate for "..host);
-- First, let's find out what certificate this host uses. -- First, let's find out what certificate this host uses.
local ssl_config = config.rawget(host, "ssl"); local host_ssl_config = config.rawget(host, "ssl")
if not ssl_config then or config.rawget(host:match("%.(.*)"), "ssl");
local base_host = host:match("%.(.*)"); local global_ssl_config = config.rawget("*", "ssl");
ssl_config = config.get(base_host, "ssl"); local ok, err, ssl_config = create_context(host, "server", host_ssl_config, global_ssl_config);
end if not ok then
if not ssl_config then print(" Error: "..err);
print(" No 'ssl' option defined for "..host)
cert_ok = false cert_ok = false
elseif not ssl_config.certificate then elseif not ssl_config.certificate then
print(" No 'certificate' set in ssl option for "..host) print(" No 'certificate' found for "..host)
cert_ok = false cert_ok = false
elseif not ssl_config.key then elseif not ssl_config.key then
print(" No 'key' set in ssl option for "..host) print(" No 'key' found for for "..host)
cert_ok = false cert_ok = false
else else
local key, err = io.open(ssl_config.key); -- Permissions check only local key, err = io.open(ssl_config.key); -- Permissions check only
@ -1243,6 +1243,13 @@ function commands.check(arg)
if not cert:validat(os.time()) then if not cert:validat(os.time()) then
print(" Certificate has expired.") print(" Certificate has expired.")
cert_ok = false cert_ok = false
elseif not cert:validat(os.time() + 86400) then
print(" Certificate expires within one day.")
cert_ok = false
elseif not cert:validat(os.time() + 86400*7) then
print(" Certificate expires within one week.")
elseif not cert:validat(os.time() + 86400*13) then
print(" Certificate expires within one month.")
end end
if config.get(host, "component_module") == nil if config.get(host, "component_module") == nil
and not x509_verify_identity(host, "_xmpp-client", cert) then and not x509_verify_identity(host, "_xmpp-client", cert) then