Mercurial > prosody-modules
changeset 1130:29dcdea3c2be
mod_s2s_auth_dnssec_srv: Ignore certificates with invalid chains.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 03 Aug 2013 12:38:22 +0200 (2013-08-03) |
parents | ae0fa4d2005d |
children | e7b69d12fbfb |
files | mod_s2s_auth_dnssec_srv/mod_s2s_auth_dnssec_srv.lua |
diffstat | 1 files changed, 2 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_s2s_auth_dnssec_srv/mod_s2s_auth_dnssec_srv.lua Sat Aug 03 01:16:31 2013 +0200 +++ b/mod_s2s_auth_dnssec_srv/mod_s2s_auth_dnssec_srv.lua Sat Aug 03 12:38:22 2013 +0200 @@ -19,8 +19,8 @@ module:hook("s2s-check-certificate", function(event) local session, cert = event.session, event.cert; - if session.cert_identity_status ~= "valid" and session.srv_choice - and session.srv_hosts.answer and session.srv_hosts.answer.secure then + if session.cert_chain_status == "valid" and session.cert_identity_status ~= "valid" + and session.srv_choice and session.srv_hosts.answer and session.srv_hosts.answer.secure then local srv_target = nameprep(to_unicode(session.srv_hosts[session.srv_choice].target:gsub("%.?$",""))); (session.log or module._log)("debug", "Comparing certificate with Secure SRV target %s", srv_target); if srv_target and cert_verify_identity(srv_target, "xmpp-server", cert) then