prosody
767ecb0091a6
plugins/mod_s2s/mod_s2s.lua
Software / code / prosody
Comparison
plugins/mod_s2s/mod_s2s.lua @ 5408:767ecb0091a6
mod_s2s: Close incoming s2s with stream error when secure and we don't trust their certificate
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 01 Apr 2013 14:45:59 +0100 |
| parent | 5390:b3c8757ee4f4 |
| child | 5423:4acc1598f391 |
comparison
equal
deleted
inserted
replaced
| 5407:c9ff345a27e7 | 5408:767ecb0091a6 |
|---|---|
| 630 must_secure = false; | 630 must_secure = false; |
| 631 end | 631 end |
| 632 | 632 |
| 633 if must_secure and not session.cert_identity_status then | 633 if must_secure and not session.cert_identity_status then |
| 634 module:log("warn", "Forbidding insecure connection to/from %s", host); | 634 module:log("warn", "Forbidding insecure connection to/from %s", host); |
| 635 session:close(false); | 635 if session.direction == "incoming" then |
| 636 session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by"..session.to_host }); | |
| 637 else -- Close outgoing connections without warning | |
| 638 session:close(false); | |
| 639 end | |
| 636 return false; | 640 return false; |
| 637 end | 641 end |
| 638 end | 642 end |
| 639 | 643 |
| 640 module:hook("s2s-check-certificate", check_auth_policy, -1); | 644 module:hook("s2s-check-certificate", check_auth_policy, -1); |
