authorNikos Mavrogiannopoulos <nmav@gnutls.org>2015-01-03 18:50:22 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2015-01-05 18:59:13 +0100
commitfb4ce0f954865a1412469536b62555b03980ac40 (patch)
treee70249fd17cbc14b5f463513e4a624137ebb48f9 /applications/luci-ocserv
parent5e6c33e213475d7976b6ccb08023ae839e1decf0 (diff)
Print the ocserv's certificate hash and key ID
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'applications/luci-ocserv')
-rw-r--r--applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua33
1 files changed, 33 insertions, 0 deletions
diff --git a/applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua b/applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua
index a909649df9..c4289f0520 100644
--- a/applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua
+++ b/applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua
@@ -27,6 +27,39 @@ local e = s:taboption("general", Flag, "enable", translate("Enable server"))
e.rmempty = false
e.default = "1"
+local o_sha = s:taboption("general", DummyValue, "sha_hash", translate("Server's certificate SHA1 hash"),
+ translate("That value should be communicated to the client to verify the server's certificate"))
+local o_pki = s:taboption("general", DummyValue, "pkid", translate("Server's Public Key ID"),
+ translate("An alternative value to be communicated to the client to verify the server's certificate; this value only depends on the public key"))
+
+local fd = io.popen("/usr/bin/certtool -i --infile /etc/ocserv/server-cert.pem", "r")
+if fd then local ln
+ local found_sha = false
+ local found_pki = false
+ local complete = 0
+ while complete < 2 do
+ local ln = fd:read("*l")
+ if not ln then
+ break
+ elseif ln:match("SHA%-?1 fingerprint:") then
+ found_sha = true
+ elseif found_sha then
+ local hash = ln:match("([a-f0-9]+)")
+ o_sha.default = hash and hash:upper()
+ complete = complete + 1
+ found_sha = false
+ elseif ln:match("Public Key I[Dd]:") then
+ found_pki = true
+ elseif found_pki then
+ local hash = ln:match("([a-f0-9]+)")
+ o_pki.default = hash and hash:upper()
+ complete = complete + 1
+ found_pki = false
+ end
+ end
+ fd:close()
+end
+
function m.on_commit(map)
luci.sys.call("/usr/bin/occtl reload >/dev/null 2>&1")
end
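Review bot: The value captured by `local hash = ln:match("([a-f0-9]+)")`, in both the SHA-1 branch and the Public Key ID branch, is shown to the administrator as the pin to hand to clients, yet the pattern is unanchored and the length of the result is never checked. Whatever line follows the header is trusted, so if certtool's output layout differs from what the loop assumes (for example a label prefix on the digest line, which I believe some GnuTLS versions print), a short or unrelated run of hex-like characters would be displayed as the fingerprint. I would anchor the match and require a full digest, e.g. `local hash = ln:match("^%s*(%x+)%s*$")` followed by `if hash and #hash == 40 then o_sha.default = hash:upper() end` (40 hex characters for SHA-1; confirm the expected length for the key ID), leaving the field empty otherwise. Separately, the `local ln` on the `if fd then` line is shadowed by the declaration inside the loop and can be dropped.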