prosody-modules: mod_s2s_auth_samecert/mod_s2s_auth_samecert.lua annotate

annotate mod_s2s_auth_samecert/mod_s2s_auth_samecert.lua @ 4838:fd2e48d4ac94

mod_bookmarks2: Advertise XEP-0049 support In the case mod_private isn’t loaded, some clients (like poezio) won’t even attempt to use Private XML Storage unless this feature is advertised. This is on the domain JID and not on the account JID!

author	Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
date	Sun, 26 Dec 2021 14:51:35 +0100
parents	c9397cd5cfe6
children

rev	line source
2204 affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	1 module:set_global()
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	2
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	3 local hosts = prosody.hosts;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	4
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	5 module:hook("s2s-check-certificate", function(event)
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	6 local session, cert = event.session, event.cert;
4675 c9397cd5cfe6 mod_s2s_auth_samecert: Handle lack of provided client certificate Kim Alvefur <zash@zash.se> parents: 2234 diff changeset	7 if not cert or session.direction ~= "incoming" then return end
c9397cd5cfe6 mod_s2s_auth_samecert: Handle lack of provided client certificate Kim Alvefur <zash@zash.se> parents: 2234 diff changeset	8
2204 affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	9 local outgoing = hosts[session.to_host].s2sout[session.from_host];
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	10 if outgoing and outgoing.type == "s2sout" and outgoing.secure and outgoing.conn:socket():getpeercertificate():pem() == cert:pem() then
2234 3024116d6093 mod_s2s_auth_samecert: Log which s2sout has a matching cert Kim Alvefur <zash@zash.se> parents: 2204 diff changeset	11 session.log("debug", "Certificate matches that of s2sout%s", tostring(outgoing):match("[a-f0-9]+$"));
2204 affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	12 session.cert_identity_status = outgoing.cert_identity_status;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	13 session.cert_chain_status = outgoing.cert_chain_status;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	14 return true;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	15 end
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection Kim Alvefur <zash@zash.se> parents: diff changeset	16 end, 1000);