comparison mod_s2s_auth_dnssec_srv/mod_s2s_auth_dnssec_srv.lua @ 1130:29dcdea3c2be
mod_s2s_auth_dnssec_srv: Ignore certificates with invalid chains.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 03 Aug 2013 12:38:22 +0200 |
parents | 2b2d4b1de638 |
children | 7dbde05b48a9 |
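--- a/mod_s2s_auth_dnssec_srv/mod_s2s_auth_dnssec_srv.lua
+++ b/mod_s2s_auth_dnssec_srv/mod_s2s_auth_dnssec_srv.lua
@@ -17,12 +17,12 @@
 local cert_verify_identity = require "util.x509".verify_identity;
 
 module:hook("s2s-check-certificate", function(event)
 local session, cert = event.session, event.cert;
 
-if session.cert_identity_status ~= "valid" and session.srv_choice
-and session.srv_hosts.answer and session.srv_hosts.answer.secure then
+if session.cert_chain_status == "valid" and session.cert_identity_status ~= "valid"
+and session.srv_choice and session.srv_hosts.answer and session.srv_hosts.answer.secure then
 local srv_target = nameprep(to_unicode(session.srv_hosts[session.srv_choice].target:gsub("%.?$","")));
 (session.log or module._log)("debug", "Comparing certificate with Secure SRV target %s", srv_target);
 if srv_target and cert_verify_identity(srv_target, "xmpp-server", cert) then
 (session.log or module._log)("info", "Certificate matches Secure SRV target %s", srv_target);
 session.cert_identity_status = "valid";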