prosody-modules: mod_s2s_auth_samecert/mod_s2s_auth_samecert.lua annotate

annotate mod_s2s_auth_samecert/mod_s2s_auth_samecert.lua @ 3866:c0df50ce96f0

mod_rest: Handle internal http request errors early and then return Skips over attempted parsing of the payload which usually failed since the body is an error string like "connection refused", so this produced useless errors.

author	Kim Alvefur <zash@zash.se>
date	Sat, 25 Jan 2020 20:22:12 +0100
parents	3024116d6093
children	c9397cd5cfe6

rev	line source
2204 affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	1 module:set_global()
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	2
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	3 local hosts = prosody.hosts;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	4
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	5 module:hook("s2s-check-certificate", function(event)
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	6 local session, cert = event.session, event.cert;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	7 if session.direction ~= "incoming" then return end
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	8
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	9 local outgoing = hosts[session.to_host].s2sout[session.from_host];
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	10 if outgoing and outgoing.type == "s2sout" and outgoing.secure and outgoing.conn:socket():getpeercertificate():pem() == cert:pem() then
2234 3024116d6093 mod_s2s_auth_samecert: Log which s2sout has a matching cert Kim Alvefur <zash@zash.se> parents: 2204 diff changeset	11 session.log("debug", "Certificate matches that of s2sout%s", tostring(outgoing):match("[a-f0-9]+$"));
2204 affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	12 session.cert_identity_status = outgoing.cert_identity_status;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	13 session.cert_chain_status = outgoing.cert_chain_status;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	14 return true;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	15 end
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	16 end, 1000);