From: Kim Alvefur Date: Tue, 8 May 2012 22:34:24 +0000 (+0200) Subject: util.x509: Remove logic for generating certificate configs X-Git-Url: https://git.enpas.org/?a=commitdiff_plain;h=894b097aa28904d6579cdd737a43b605ecb1562b;p=prosody.git util.x509: Remove logic for generating certificate configs
---
diff --git a/util/x509.lua b/util/x509.lua
index f106e6fa..19d4ec6d 100644
--- a/util/x509.lua
+++ b/util/x509.lua
@@ -212,109 +212,4 @@ function verify_identity(host, service, cert)
 return false
 end
 
--- TODO Rename? Split out subroutines?
--- Also, this is probably openssl specific, what TODO about that?
-function genx509san(hosts, config, certhosts, raw) -- recive config through that or some better way?
- local function utf8string(s)
- -- This is how we tell openssl not to encode UTF-8 strings as Latin1
- return s_format("FORMAT:UTF8,UTF8:%s", s);
- end
-
- local function ia5string(s)
- return s_format("IA5STRING:%s", s);
- end
-
- local function dnsname(t, host)
- t_insert(t.DNS, idna_to_ascii(host));
- end
-
- local function srvname(t, host, service)
- t_insert(t.otherName, s_format("%s;%s", oid_dnssrv, ia5string("_" .. service .."." .. idna_to_ascii(host))));
- end
-
- local function xmppAddr(t, host)
- t_insert(t.otherName, s_format("%s;%s", oid_xmppaddr, utf8string(host)));
- end
-
- -----------------------------
-
- local san = {
- DNS = {};
- otherName = {};
- };
-
- local sslsanconf = { };
-
- for i = 1,#certhosts do
- local certhost = certhosts[i];
- for name, host in pairs(hosts) do
- if name == certhost or name:sub(-1-#certhost) == "."..certhost then
- dnsname(san, name);
- --print(name .. "#component_module: " .. (config.get(name, "core", "component_module") or "nil"));
- if config.get(name, "core", "component_module") == nil then
- srvname(san, name, "xmpp-client");
- end
- --print(name .. "#anonymous_login: " .. tostring(config.get(name, "core", "anonymous_login")));
- if not (config.get(name, "core", "anonymous_login") or
- config.get(name, "core", "authentication") == "anonymous") then
- srvname(san, name, "xmpp-server");
- end
- xmppAddr(san, name);
- end
- end
- end
-
- for t, n in pairs(san) do
- for i = 1,#n do
- t_insert(sslsanconf, s_format("%s.%d = %s", t, i -1, n[i]));
- end
- end
-
- return raw and sslsanconf or t_concat(sslsanconf, "\n");
-end
-
-function baseconf()
- return {
- req = {
- distinguished_name = "distinguished_name",
- req_extensions = "v3_extensions",
- x509_extensions = "v3_extensions",
- prompt = "no",
- },
- distinguished_name = {
- commonName = "example.com",
- countryName = "GB",
- localityName = "The Internet",
- organizationName = "Your Organisation",
- organizationalUnitName = "XMPP Department",
- emailAddress = "xmpp@example.com",
- },
- v3_extensions = {
- basicConstraints = "CA:FALSE",
- keyUsage = "digitalSignature,keyEncipherment",
- extendedKeyUsage = "serverAuth,clientAuth",
- subjectAltName = "@subject_alternative_name",
- },
- subject_alternative_name = { },
- }
-end
-
-function serialize_conf(conf)
- local s = "";
- for k, t in pairs(conf) do
- s = s .. ("[%s]\n"):format(k);
- if t[1] then
- for i, v in ipairs(t) do
- s = s .. ("%s\n"):format(v);
- end
- else
- for k, v in pairs(t) do
- s = s .. ("%s = %s\n"):format(k, v);
- end
- end
- s = s .. "\n";
- end
- return s;
-end
-
 return _M;