changeset 3202:094f75f316d6

mod_s2s_auth_posh: Skip POSH if session certificate is already valid
author Kim Alvefur <zash@zash.se>
date Thu, 21 Dec 2017 03:20:34 +0100
parents 73be17be7d84
children b3e82e2b818e
files mod_s2s_auth_posh/mod_s2s_auth_posh.lua
diffstat 1 files changed, 5 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mod_s2s_auth_posh/mod_s2s_auth_posh.lua	Thu Dec 21 03:19:56 2017 +0100
+++ b/mod_s2s_auth_posh/mod_s2s_auth_posh.lua	Thu Dec 21 03:20:34 2017 +0100
@@ -72,6 +72,11 @@
 module:hook("s2s-check-certificate", function(event)
 	local session, cert = event.session, event.cert;
 	local log = session.log or module._log;
+	if session.cert_identity_status == "valid" then
+		log("debug", "Not trying POSH because certificate is already valid");
+		return;
+	end
+
 	log("info", "Trying POSH authentication.");
 	-- if session.cert_identity_status ~= "valid" and session.posh then
 	local wait, done = async.waiter();