Merge 0.9->0.10

[prosody.git] / util / x509.lua

diff --git a/util/x509.lua b/util/x509.lua
index d3c55bb40b9376e3db03f9814690a1d687a9706a..5e1b49e501d3945fcce38593227b62649703d531 100644 (file)
--- a/util/x509.lua
+++ b/util/x509.lua
@@ -20,7 +20,9 @@
 
 local nameprep = require "util.encodings".stringprep.nameprep;
 local idna_to_ascii = require "util.encodings".idna.to_ascii;
+local base64 = require "util.encodings".base64;
 local log = require "util.logger".init("x509");
+local s_format = string.format;
 
 module "x509"
 
@@ -157,7 +159,9 @@ function verify_identity(host, service, cert)
 
                if sans[oid_xmppaddr] then
                        had_supported_altnames = true
-                       if compare_xmppaddr(host, sans[oid_xmppaddr]) then return true end
+                       if service == "_xmpp-client" or service == "_xmpp-server" then
+                               if compare_xmppaddr(host, sans[oid_xmppaddr]) then return true end
+                       end
                end
 
                if sans[oid_dnssrv] then
@@ -208,4 +212,23 @@ function verify_identity(host, service, cert)
        return false
 end
 
+local pat = "%-%-%-%-%-BEGIN ([A-Z ]+)%-%-%-%-%-\r?\n"..
+"([0-9A-Za-z+/=\r\n]*)\r?\n%-%-%-%-%-END %1%-%-%-%-%-";
+
+function pem2der(pem)
+       local typ, data = pem:match(pat);
+       if typ and data then
+               return base64.decode(data), typ;
+       end
+end
+
+local wrap = ('.'):rep(64);
+local envelope = "-----BEGIN %s-----\n%s\n-----END %s-----\n"
+
+function der2pem(data, typ)
+       typ = typ and typ:upper() or "CERTIFICATE";
+       data = base64.encode(data);
+       return s_format(envelope, typ, data:gsub(wrap, '%0\n', (#data-1)/64), typ);
+end
+
 return _M;