plugins/mod_s2s.lua @ 12476:d8a6e03a7161
Merge 0.12->trunk
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 25 Apr 2022 15:09:53 +0100 |
| parent | 12473:bb85be686a01 |
| parent | 12474:8fac32810144 |
| child | 12480:7e9ebdc75ce4 |
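--- a/plugins/mod_s2s.lua
+++ b/plugins/mod_s2s.lua
@@ -341,10 +341,19 @@
 text = "Encrypted server-to-server communication is required but was not "
 ..((session.direction == "outgoing" and "offered") or "used")
 }, nil, "Could not establish encrypted connection to remote server");
 end
 end
+
+if session.type == "s2sout_unauthed" and not session.authenticated_remote and secure_auth and not insecure_domains[host] then
+session:close({
+condition = "policy-violation";
+text = "Failed to verify certificate (internal error)";
+});
+return;
+end
+
 if hosts[host] then
 session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" });
 end
 if session.type == "s2sout_unauthed" then
 session.type = "s2sout";
@@ -523,10 +532,12 @@
 session.streamid = attr.id;
 
 if session.secure and not session.cert_chain_status then
 if check_cert_status(session) == false then
 return;
+else
+session.authenticated_remote = true;
 end
 end
 
 -- If server is pre-1.0, don't wait for features, just do dialback
 if session.version < 1.0 then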
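Review bot: In the second hunk (new lines 535-538), `session.authenticated_remote = true` is reached for every result of `check_cert_status(session)` other than a literal `false`, so a `nil` return would also set the flag and satisfy the new `not session.authenticated_remote` guard in the first hunk. The helper's definition is not visible here, so please confirm that it returns `false` on every rejection path. Then record that contract next to the assignment, for example `-- check_cert_status returns false only after it has closed the session; any other result means the certificate policy check did not reject the peer`. The assignment is also skipped when `session.cert_chain_status` is already set, so it is worth checking that such a session gets the flag elsewhere. Otherwise the first hunk's guard would close it with "Failed to verify certificate (internal error)". Both enclosing functions start and end outside the hunks.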