# HG changeset patch # User Matthew Wild # Date 1650895669 -3600 # Node ID 8fac328101441784e1d0f6f6f87fc1d84779b74b # Parent 9ee41552bca0f1b237b1a1b185f0c42a048fb839 mod_s2s: Improve robustness of outgoing s2s certificate verification This change ensures we have positively verified the certificates of the server we are connecting to before marking the session as authenticated. It protects against situations where the verify-or-close stage of the connection was interrupted (e.g. due to an uncaught error). Thanks to Zash for discovery and testing. diff -r 9ee41552bca0 -r 8fac32810144 plugins/mod_s2s.lua --- a/plugins/mod_s2s.lua Wed Apr 13 18:46:11 2022 +0100 +++ b/plugins/mod_s2s.lua Mon Apr 25 15:07:49 2022 +0100 @@ -349,6 +349,15 @@ }, nil, "Could not establish encrypted connection to remote server"); end end + + if session.type == "s2sout_unauthed" and not session.authenticated_remote and secure_auth and not insecure_domains[host] then + session:close({ + condition = "policy-violation"; + text = "Failed to verify certificate (internal error)"; + }); + return; + end + if hosts[host] then session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" }); end @@ -531,6 +540,8 @@ if session.secure and not session.cert_chain_status then if check_cert_status(session) == false then return; + else + session.authenticated_remote = true; end end