prosody-modules
a754f7e380b2
mod_s2s_auth_samecert/mod_s2s_auth_samecert.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_s2s_auth_samecert/mod_s2s_auth_samecert.lua @ 4764:a754f7e380b2

mod_dnsupdate: Rewrite port config vs DNS comparison code I'm not sure if it was correct, which means it was hard to understand and thus needed to be simplified. Hope this accomplishes that.
author Kim Alvefur <zash@zash.se>
date Mon, 08 Nov 2021 23:03:14 +0100
parent 4675:c9397cd5cfe6
line wrap: on
line source

module:set_global()

local hosts = prosody.hosts;

module:hook("s2s-check-certificate", function(event)
	local session, cert = event.session, event.cert;
	if not cert or session.direction ~= "incoming" then return end

	local outgoing = hosts[session.to_host].s2sout[session.from_host];
	if outgoing and outgoing.type == "s2sout" and outgoing.secure and outgoing.conn:socket():getpeercertificate():pem() == cert:pem() then
		session.log("debug", "Certificate matches that of s2sout%s", tostring(outgoing):match("[a-f0-9]+$"));
		session.cert_identity_status = outgoing.cert_identity_status;
		session.cert_chain_status = outgoing.cert_chain_status;
		return true;
	end
end, 1000);