
plugins/mod_s2s.lua @ 12476:d8a6e03a7161

Merge 0.12->trunk
author Matthew Wild <mwild1@gmail.com>
date Mon, 25 Apr 2022 15:09:53 +0100
parent 12473:bb85be686a01
parent 12474:8fac32810144
child 12480:7e9ebdc75ce4
--- a/plugins/mod_s2s.lua	Mon Apr 25 14:41:54 2022 +0200
+++ b/plugins/mod_s2s.lua	Mon Apr 25 15:09:53 2022 +0100
@@ -343,6 +343,15 @@
 			}, nil, "Could not establish encrypted connection to remote server");
 		end
 	end
+
+	if session.type == "s2sout_unauthed" and not session.authenticated_remote and secure_auth and not insecure_domains[host] then
+		session:close({
+			condition = "policy-violation";
+			text = "Failed to verify certificate (internal error)";
+		});
+		return;
+	end
+
 	if hosts[host] then
 		session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" });
 	end
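Review bot: The new guard on `session.type == "s2sout_unauthed"` trusts `session.authenticated_remote`, but nothing here documents what that flag guarantees. The later hunk at -525/+534 sets it for any `check_cert_status(session)` result other than literal `false`, so a `nil` return also marks the remote as checked. A comment above the `if` would pin the contract, e.g. `-- authenticated_remote is set only after check_cert_status() ran and did not return false; if it is unset here the certificate check was skipped`. Because the "(internal error)" text suggests this path should never fire in normal operation, a local log line before `session:close`, such as `session.log("error", "Certificate check was not performed for %s, closing stream", host);`, would let operators notice it. The close call just above also passes a third reason argument that this one omits; the enclosing function starts and ends outside the hunk.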
@@ -525,6 +534,8 @@
 		if session.secure and not session.cert_chain_status then
 			if check_cert_status(session) == false then
 				return;
+			else
+				session.authenticated_remote = true;
 			end
 		end