Software /
code /
prosody
Comparison
plugins/mod_s2s/mod_s2s.lua @ 5767:3a30ad76a86a
mod_s2s: Improve policy check
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 05 Aug 2013 20:47:38 +0200 |
parent | 5766:e6a9085f0ac3 |
child | 5769:f6ea5b3739c9 |
comparison
equal
deleted
inserted
replaced
5766:e6a9085f0ac3 | 5767:3a30ad76a86a |
---|---|
640 must_secure = true; | 640 must_secure = true; |
641 elseif must_secure and insecure_domains[host] then | 641 elseif must_secure and insecure_domains[host] then |
642 must_secure = false; | 642 must_secure = false; |
643 end | 643 end |
644 | 644 |
645 if must_secure and not session.cert_identity_status then | 645 if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then |
646 module:log("warn", "Forbidding insecure connection to/from %s", host); | 646 module:log("warn", "Forbidding insecure connection to/from %s", host); |
647 if session.direction == "incoming" then | 647 if session.direction == "incoming" then |
648 session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host }); | 648 session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host }); |
649 else -- Close outgoing connections without warning | 649 else -- Close outgoing connections without warning |
650 session:close(false); | 650 session:close(false); |