Mercurial > lxmppd-hg-xmllex / annotate

core/certmanager.lua@1748a49da906 (annotated)

core/certmanager.lua

Thu, 15 Jul 2010 11:28:14 +0500

author
Waqas Hussain <waqas20@gmail.com>
date
Thu, 15 Jul 2010 11:28:14 +0500
changeset 3368
1748a49da906
parent 3367
598c33a99a31
child 3369
9a96969d4670
permissions
-rw-r--r--

certmanager: Defined default_capath to prevent a global nil access.

2554
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
1 local configmanager = require "core.configmanager";
2630
e8fc67b73820 certmanager: Bring back the friendly errors when failing to load the key/certificate file
Matthew Wild <mwild1@gmail.com>
parents: 2564
diff changeset
2 local log = require "util.logger".init("certmanager");
2554
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 local ssl = ssl;
2564
6b4fe320a6ea certmanager: Fix traceback with no LuaSec
Matthew Wild <mwild1@gmail.com>
parents: 2563
diff changeset
4 local ssl_newcontext = ssl and ssl.newcontext;
2554
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5
2737
e253dd4714d5 certmanager: Fix nil global access (thanks Marc)
Matthew Wild <mwild1@gmail.com>
parents: 2733
diff changeset
6 local setmetatable, tostring = setmetatable, tostring;
2554
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 local prosody = prosody;
3355
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
9 local resolve_path = prosody.resolve_relative_path;
2554
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 module "certmanager"
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 -- Global SSL options if not overridden per-host
3367
598c33a99a31 certmanager: Use an empty table as the default ssl config when a global 'ssl' config option isn't specified (fixes a top-level traceback on startup).
Waqas Hussain <waqas20@gmail.com>
parents: 3356
diff changeset
14 local default_ssl_config = configmanager.get("*", "core", "ssl") or {};
3368
1748a49da906 certmanager: Defined default_capath to prevent a global nil access.
Waqas Hussain <waqas20@gmail.com>
parents: 3367
diff changeset
15 local default_capath = "/etc/ssl/certs";
2554
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16
2628
04958fb28c44 certmanager, hostmanager: Rename get_context() to create_context() to be more explicit about what it does
Matthew Wild <mwild1@gmail.com>
parents: 2564
diff changeset
17 function create_context(host, mode, config)
3355
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
18 if not ssl then return nil; end
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
19
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
20 local user_ssl_config = config and config.core.ssl or default_ssl_config;
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
21
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
22 local ssl_config = {
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
23 mode = mode;
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
24 protocol = user_ssl_config.protocol or "sslv23";
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
25 key = resolve_path(user_ssl_config.key);
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
26 password = user_ssl_config.password;
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
27 certificate = resolve_path(user_ssl_config.certificate);
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
28 capath = resolve_path(user_ssl_config.capath or default_capath);
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
29 cafile = resolve_path(user_ssl_config.cafile);
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
30 verify = user_ssl_config.verify or "none";
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
31 options = user_ssl_config.options or "no_sslv2";
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
32 ciphers = user_ssl_config.ciphers;
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
33 depth = user_ssl_config.depth;
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
34 };
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
35
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
36 local ctx, err = ssl_newcontext(ssl_config);
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
37 if not ctx then
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
38 err = err or "invalid ssl config"
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
39 local file = err:match("^error loading (.-) %(");
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
40 if file then
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
41 if file == "private key" then
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
42 file = ssl_config.key or "your private key";
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
43 elseif file == "certificate" then
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
44 file = ssl_config.certificate or "your certificate file";
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
45 end
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
46 local reason = err:match("%((.+)%)$") or "some reason";
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
47 if reason == "Permission denied" then
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
48 reason = "Check that the permissions allow Prosody to read this file.";
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
49 elseif reason == "No such file or directory" then
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
50 reason = "Check that the path is correct, and the file exists.";
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
51 elseif reason == "system lib" then
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
52 reason = "Previous error (see logs), or other system error.";
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
53 elseif reason == "(null)" or not reason then
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
54 reason = "Check that the file exists and the permissions are correct";
2630
e8fc67b73820 certmanager: Bring back the friendly errors when failing to load the key/certificate file
Matthew Wild <mwild1@gmail.com>
parents: 2564
diff changeset
55 else
3355
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
56 reason = "Reason: "..tostring(reason):lower();
2630
e8fc67b73820 certmanager: Bring back the friendly errors when failing to load the key/certificate file
Matthew Wild <mwild1@gmail.com>
parents: 2564
diff changeset
57 end
3355
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
58 log("error", "SSL/TLS: Failed to load %s: %s", file, reason);
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
59 else
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
60 log("error", "SSL/TLS: Error initialising for host %s: %s", host, err );
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
61 end
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
62 ssl = false
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
63 end
9bb2da325d4d certmanager: Adjust paths of SSL key/certs to be relative to the config file, fixes #147
Matthew Wild <mwild1@gmail.com>
parents: 2738
diff changeset
64 return ctx, err;
2554
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
65 end
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
66
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
67 function reload_ssl_config()
2733
65ad0fdb17ba certmanager: Fix global access
Matthew Wild <mwild1@gmail.com>
parents: 2631
diff changeset
68 default_ssl_config = configmanager.get("*", "core", "ssl");
2554
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
69 end
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
70
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
71 prosody.events.add_handler("config-reloaded", reload_ssl_config);
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
72
b877533d4ec9 certmanager: Hello world, I'm come to manage your SSL contexts
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
73 return _M;

Mercurial Repository: lxmppd-hg-xmllex

mercurial