changeset 4490:cf2bdb2aaa57

mod_s2s_auth_dane: Disable now redundant validation done in trunk Outgoing connections can now be validated natively in trunk since a38f9e09ca31 so we only need to check incoming connections.
author Kim Alvefur <zash@zash.se>
date Wed, 03 Mar 2021 11:43:38 +0100
parents 725768d83830
children 35381608d323
files mod_s2s_auth_dane/mod_s2s_auth_dane.lua
diffstat 1 files changed, 7 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Tue Mar 02 19:20:41 2021 +0100
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Wed Mar 03 11:43:38 2021 +0100
@@ -231,6 +231,8 @@
 	end
 end
 
+local new_dane = module:get_option_boolean("use_dane", false);
+
 function module.add_host(module)
 	local function on_new_s2s(event)
 		local host_session = event.origin;
@@ -244,9 +246,11 @@
 		-- Let it run in parallel until we need to check the cert
 	end
 
-	-- New outgoing connections
-	module:hook("stanza/http://etherx.jabber.org/streams:features", on_new_s2s, 501);
-	module:hook("s2sout-authenticate-legacy", on_new_s2s, 200);
+	if not new_dane then
+		-- New outgoing connections
+		module:hook("stanza/http://etherx.jabber.org/streams:features", on_new_s2s, 501);
+		module:hook("s2sout-authenticate-legacy", on_new_s2s, 200);
+	end
 
 	-- New incoming connections
 	module:hook("s2s-stream-features", on_new_s2s, 10);