Diff

plugins/mod_s2s_auth_certs.lua @ 12808:12bd40b8e105

mod_c2s,mod_s2s: Adapt to XEP-xxxx: Stream Limits Advertisement Thanks MattJ
author Kim Alvefur <zash@zash.se>
date Thu, 20 Oct 2022 14:04:56 +0200
parent 12480:7e9ebdc75ce4
child 12812:b2d422b88cd6
--- a/plugins/mod_s2s_auth_certs.lua	Tue Mar 16 18:30:54 2021 +0100
+++ b/plugins/mod_s2s_auth_certs.lua	Thu Oct 20 14:04:56 2022 +0200
@@ -12,6 +12,8 @@
 	local conn = session.conn;
 	local log = session.log or log;
 
+	local secure_hostname = conn.extra and conn.extra.dane_hostname;
+
 	if not cert then
 		log("warn", "No certificate provided by %s", host or "unknown host");
 		return;
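Review bot: `secure_hostname` is taken from `conn.extra.dane_hostname` with no comment on where that value comes from, yet the second hunk uses it as the reference identity for the certificate check instead of the name the peer asserted. That substitution is only sound if the field is set exclusively after a DNSSEC-validated SRV lookup, and nothing in this file shows that. I would document the requirement above the assignment, for example `-- dane_hostname must only be set when the SRV answer was DNSSEC-secure; it is used below as the reference identity for the certificate`. The enclosing function starts and ends outside the hunk.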
@@ -37,6 +39,14 @@
 
 		-- We'll go ahead and verify the asserted identity if the
 		-- connecting server specified one.
+		if secure_hostname then
+			if cert_verify_identity(secure_hostname, "xmpp-server", cert) then
+				module:log("info", "Secure SRV name delegation %q -> %q", secure_hostname, host);
+				session.cert_identity_status = "valid"
+			else
+				session.cert_identity_status = "invalid"
+			end
+		end
 		if host then
 			if cert_verify_identity(host, "xmpp-server", cert) then
 				session.cert_identity_status = "valid"
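Review bot: The outcome of the `secure_hostname` check is not final, because the new block closes with `end` and the existing `if host then` check then runs and assigns `session.cert_identity_status` again. An "invalid" from the delegated-name check is replaced by "valid" when the certificate matches `host`. If the host branch has an `else` that sets "invalid" (it continues outside the hunk), a successful delegation is discarded whenever the certificate does not also name `host`. If the delegated name is meant to take precedence, chain the two checks by replacing the `end` / `if host then` pair with `elseif host then`. The info log also passes `host` directly, although the earlier warning uses `host or "unknown host"`, so `host` may be nil here.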