# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1404503305 -7200
# Node ID 2fdd71b08126e1a3688b8a326c6da25f55316cb0
# Parent  4b0172dc5e3ac42c528b8c14b8370ed12ad96413
mod_dialback: Short-circuit dialback auth if certificate is considered valid

diff -r 4b0172dc5e3a -r 2fdd71b08126 plugins/mod_dialback.lua
--- a/plugins/mod_dialback.lua	Thu Jul 03 15:38:53 2014 +0200
+++ b/plugins/mod_dialback.lua	Fri Jul 04 21:48:25 2014 +0200
@@ -13,6 +13,7 @@
 local st = require "util.stanza";
 local sha256_hash = require "util.hashes".sha256;
 local nameprep = require "util.encodings".stringprep.nameprep;
+local check_cert_status = module:depends"s2s".check_cert_status;
 local uuid_gen = require"util.uuid".generate;
 
 local xmlns_stream = "http://etherx.jabber.org/streams";
@@ -20,6 +21,7 @@
 local dialback_requests = setmetatable({}, { __mode = 'v' });
 
 local dialback_secret = module.host .. module:get_option_string("dialback_secret", uuid_gen());
+local dwd = module:get_option_boolean("dialback_without_dialback", false);
 
 function module.save()
 	return { dialback_secret = dialback_secret };
@@ -80,6 +82,14 @@
 		local attr = stanza.attr;
 		local to, from = nameprep(attr.to), nameprep(attr.from);
 
+		if check_cert_status(origin, from) == false then
+			return
+		elseif origin.cert_chain_status == "valid" and origin.cert_identity_status == "valid" then
+			origin.sends2s(st.stanza("db:result", { to = from, from = to, id = attr.id, type = "valid" }));
+			module:fire_event("s2s-authenticated", { session = origin, host = from });
+			return true;
+		end
+
 		if not hosts[to] then
 			-- Not a host that we serve
 			origin.log("warn", "%s tried to connect to %s, which we don't serve", from, to);
diff -r 4b0172dc5e3a -r 2fdd71b08126 plugins/mod_s2s/mod_s2s.lua
--- a/plugins/mod_s2s/mod_s2s.lua	Thu Jul 03 15:38:53 2014 +0200
+++ b/plugins/mod_s2s/mod_s2s.lua	Fri Jul 04 21:48:25 2014 +0200
@@ -235,7 +235,7 @@
 end
 
 --- Helper to check that a session peer's certificate is valid
-local function check_cert_status(session)
+function check_cert_status(session)
 	local host = session.direction == "outgoing" and session.to_host or session.from_host
 	local conn = session.conn:socket()
 	local cert