prosody
7722372aa087
plugins/mod_s2s/mod_s2s.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Diff

plugins/mod_s2s/mod_s2s.lua @ 5770:7722372aa087

Merge 0.9->trunk
author Kim Alvefur <zash@zash.se>
date Tue, 06 Aug 2013 14:35:03 +0200
parent 5764:969e0a054795
parent 5769:f6ea5b3739c9
child 5776:bd0ff8ae98a8
line wrap: on
line diff
--- a/plugins/mod_s2s/mod_s2s.lua	Fri Aug 02 15:40:21 2013 +0200
+++ b/plugins/mod_s2s/mod_s2s.lua	Tue Aug 06 14:35:03 2013 +0200
@@ -246,7 +246,7 @@
 		-- Is there any interest in printing out all/the number of errors here?
 		if not chain_valid then
 			(session.log or log)("debug", "certificate chain validation result: invalid");
-			for depth, t in ipairs(errors or NULL) do
+			for depth, t in pairs(errors or NULL) do
 				(session.log or log)("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", "))
 			end
 			session.cert_chain_status = "invalid";
@@ -262,6 +262,7 @@
 				else
 					session.cert_identity_status = "invalid"
 				end
+				(session.log or log)("debug", "certificate identity validation result: %s", session.cert_identity_status);
 			end
 		end
 	end
@@ -658,7 +659,7 @@
 		must_secure = false;
 	end
 	
-	if must_secure and not session.cert_identity_status then
+	if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
 		module:log("warn", "Forbidding insecure connection to/from %s", host);
 		if session.direction == "incoming" then
 			session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host });