# HG changeset patch # User Matthew Wild # Date 1650895793 -3600 # Node ID d8a6e03a716134c1eed415449e8e32d93172f69f # Parent bb85be686a0182a763cf2a28071c8c6bc168ef9d# Parent 553c6204fe5b40a731c81d370b42917dfee37530 Merge 0.12->trunk diff -r bb85be686a01 -r d8a6e03a7161 plugins/mod_s2s.lua --- a/plugins/mod_s2s.lua Mon Apr 25 14:41:54 2022 +0200 +++ b/plugins/mod_s2s.lua Mon Apr 25 15:09:53 2022 +0100 @@ -343,6 +343,15 @@ }, nil, "Could not establish encrypted connection to remote server"); end end + + if session.type == "s2sout_unauthed" and not session.authenticated_remote and secure_auth and not insecure_domains[host] then + session:close({ + condition = "policy-violation"; + text = "Failed to verify certificate (internal error)"; + }); + return; + end + if hosts[host] then session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" }); end @@ -525,6 +534,8 @@ if session.secure and not session.cert_chain_status then if check_cert_status(session) == false then return; + else + session.authenticated_remote = true; end end diff -r bb85be686a01 -r d8a6e03a7161 util/argparse.lua --- a/util/argparse.lua Mon Apr 25 14:41:54 2022 +0200 +++ b/util/argparse.lua Mon Apr 25 15:09:53 2022 +0100 @@ -5,7 +5,7 @@ local parsed_opts = {}; if #arg == 0 then - return parsed_opts; + return parsed_opts, arg; end while true do local raw_param = arg[1]; @@ -47,7 +47,7 @@ end parsed_opts[param_k] = param_v; end - return parsed_opts; + return parsed_opts, arg; end return {