Mercurial > prosody-modules

view mod_s2s_auth_samecert/mod_s2s_auth_samecert.lua @ 4764:a754f7e380b2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_dnsupdate: Rewrite port config vs DNS comparison code I'm not sure if it was correct, which means it was hard to understand and thus needed to be simplified. Hope this accomplishes that.
author Kim Alvefur <zash@zash.se>
date Mon, 08 Nov 2021 23:03:14 +0100
parents c9397cd5cfe6
children
line wrap: on
line source

module:set_global()

local hosts = prosody.hosts;

module:hook("s2s-check-certificate", function(event)
	local session, cert = event.session, event.cert;
	if not cert or session.direction ~= "incoming" then return end

	local outgoing = hosts[session.to_host].s2sout[session.from_host];
	if outgoing and outgoing.type == "s2sout" and outgoing.secure and outgoing.conn:socket():getpeercertificate():pem() == cert:pem() then
		session.log("debug", "Certificate matches that of s2sout%s", tostring(outgoing):match("[a-f0-9]+$"));
		session.cert_identity_status = outgoing.cert_identity_status;
		session.cert_chain_status = outgoing.cert_chain_status;
		return true;
	end
end, 1000);