Comparison

plugins/mod_s2s/mod_s2s.lua @ 5767:3a30ad76a86a

mod_s2s: Improve policy check
author Kim Alvefur <zash@zash.se>
date Mon, 05 Aug 2013 20:47:38 +0200
parent 5766:e6a9085f0ac3
child 5769:f6ea5b3739c9
comparison
equal deleted inserted replaced
5766:e6a9085f0ac3 5767:3a30ad76a86a
640 must_secure = true; 640 must_secure = true;
641 elseif must_secure and insecure_domains[host] then 641 elseif must_secure and insecure_domains[host] then
642 must_secure = false; 642 must_secure = false;
643 end 643 end
644 644
645 if must_secure and not session.cert_identity_status then 645 if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
646 module:log("warn", "Forbidding insecure connection to/from %s", host); 646 module:log("warn", "Forbidding insecure connection to/from %s", host);
647 if session.direction == "incoming" then 647 if session.direction == "incoming" then
648 session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host }); 648 session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host });
649 else -- Close outgoing connections without warning 649 else -- Close outgoing connections without warning
650 session:close(false); 650 session:close(false);