Mercurial > prosody-modules
changeset 3447:5f2eeebcf899
mod_client_certs: do not crash on plain sockets
In some situations (e.g., reverse-proxied websocket), non-TLS sockets
can be marked as secure, causing mod_client_certs to call the undefined
method getpeercertificate and crash.
| author | Thibaut Girka <thib@sitedethib.com> |
|---|---|
| date | Fri, 18 Jan 2019 14:06:05 +0100 |
| parents | a5a50cd34386 |
| children | c4db126a9f04 |
| files | mod_client_certs/mod_client_certs.lua |
| diffstat | 1 files changed, 7 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_client_certs/mod_client_certs.lua Fri Jan 18 02:16:03 2019 +0100 +++ b/mod_client_certs/mod_client_certs.lua Fri Jan 18 14:06:05 2019 +0100 @@ -94,7 +94,7 @@ local disabled_cert_pem = info.pem; for _, session in pairs(sessions) do - if session and session.conn then + if session and session.conn and session.conn:socket().getpeercertificate then local cert = session.conn:socket():getpeercertificate(); if cert and cert:pem() == disabled_cert_pem then @@ -336,7 +336,12 @@ module:hook("stream-features", function(event) local session, features = event.origin, event.features; if session.secure and session.type == "c2s_unauthed" then - local cert = session.conn:socket():getpeercertificate(); + local socket = session.conn:socket(); + if not socket.getpeercertificate then + module:log("debug", "Not a TLS socket"); + return + end + local cert = socket:getpeercertificate(); if not cert then module:log("error", "No Client Certificate"); return