Comparison

plugins/mod_s2s_auth_certs.lua @ 12812:b2d422b88cd6

Revert unintentionally committed parts of 12bd40b8e105
author Kim Alvefur <zash@zash.se>
date Wed, 21 Dec 2022 21:34:07 +0100
parent 12808:12bd40b8e105
child 12816:02f8b10d73e8
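--- a/plugins/mod_s2s_auth_certs.lua
+++ b/plugins/mod_s2s_auth_certs.lua
@@ -9,12 +9,10 @@
 
 module:hook("s2s-check-certificate", function(event)
 local session, host, cert = event.session, event.host, event.cert;
 local conn = session.conn;
 local log = session.log or log;
-
-local secure_hostname = conn.extra and conn.extra.dane_hostname;
 
 if not cert then
 log("warn", "No certificate provided by %s", host or "unknown host");
 return;
 end
@@ -37,18 +35,10 @@
 log("debug", "certificate chain validation result: valid");
 session.cert_chain_status = "valid";
 
 -- We'll go ahead and verify the asserted identity if the
 -- connecting server specified one.
-if secure_hostname then
-if cert_verify_identity(secure_hostname, "xmpp-server", cert) then
-module:log("info", "Secure SRV name delegation %q -> %q", secure_hostname, host);
-session.cert_identity_status = "valid"
-else
-session.cert_identity_status = "invalid"
-end
-end
 if host then
 if cert_verify_identity(host, "xmpp-server", cert) then
 session.cert_identity_status = "valid"
 else
 session.cert_identity_status = "invalid"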