prosody
4a9ff4f61796
plugins/mod_s2s_auth_certs.lua
Software / code / prosody
File
plugins/mod_s2s_auth_certs.lua @ 10813:4a9ff4f61796
mod_presence: Send unavailable presence in current thread run
`session:dispatch_stanza(pres)` enqueues processing of the stanza in the
sessions async thread, but becasue the entire stream close handling is
now in that thread it would process the presence after the stream and
session was completely closed, leading to weird errors "sent to a
resting session".
We call core_process_stanza() since this is what :dispatch_stanza calls
in the end.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 09 May 2020 00:28:10 +0200 |
| parent | 10454:6c3fccb75b38 |
| child | 11835:a405884c62f4 |
line wrap: on
line source
module:set_global(); local cert_verify_identity = require "util.x509".verify_identity; local NULL = {}; local log = module._log; module:hook("s2s-check-certificate", function(event) local session, host, cert = event.session, event.host, event.cert; local conn = session.conn:socket(); local log = session.log or log; if not cert then log("warn", "No certificate provided by %s", host or "unknown host"); return; end local chain_valid, errors; if conn.getpeerverification then chain_valid, errors = conn:getpeerverification(); else chain_valid, errors = false, { { "Chain verification not supported by this version of LuaSec" } }; end -- Is there any interest in printing out all/the number of errors here? if not chain_valid then log("debug", "certificate chain validation result: invalid"); for depth, t in pairs(errors or NULL) do log("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", ")) end session.cert_chain_status = "invalid"; session.cert_chain_errors = errors; else log("debug", "certificate chain validation result: valid"); session.cert_chain_status = "valid"; -- We'll go ahead and verify the asserted identity if the -- connecting server specified one. if host then if cert_verify_identity(host, "xmpp-server", cert) then session.cert_identity_status = "valid" else session.cert_identity_status = "invalid" end log("debug", "certificate identity validation result: %s", session.cert_identity_status); end end end, 509);
