plugins/mod_s2s_auth_certs.lua @ 12812:b2d422b88cd6
Revert unintentionally committed parts of 12bd40b8e105
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 21 Dec 2022 21:34:07 +0100 |
parent | 12808:12bd40b8e105 |
child | 12816:02f8b10d73e8 |
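--- a/plugins/mod_s2s_auth_certs.lua
+++ b/plugins/mod_s2s_auth_certs.lua
@@ -9,12 +9,10 @@
 
 module:hook("s2s-check-certificate", function(event)
 local session, host, cert = event.session, event.host, event.cert;
 local conn = session.conn;
 local log = session.log or log;
-
-local secure_hostname = conn.extra and conn.extra.dane_hostname;
 
 if not cert then
 log("warn", "No certificate provided by %s", host or "unknown host");
 return;
 end
@@ -37,18 +35,10 @@
 log("debug", "certificate chain validation result: valid");
 session.cert_chain_status = "valid";
 
 -- We'll go ahead and verify the asserted identity if the
 -- connecting server specified one.
-if secure_hostname then
-if cert_verify_identity(secure_hostname, "xmpp-server", cert) then
-module:log("info", "Secure SRV name delegation %q -> %q", secure_hostname, host);
-session.cert_identity_status = "valid"
-else
-session.cert_identity_status = "invalid"
-end
-end
 if host then
 if cert_verify_identity(host, "xmpp-server", cert) then
 session.cert_identity_status = "valid"
 else
 session.cert_identity_status = "invalid"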