Software / code / prosody
Changeset
5767:3a30ad76a86a
mod_s2s: Improve policy check
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 05 Aug 2013 20:47:38 +0200 |
| parents | 5766:e6a9085f0ac3 |
| children | 5768:c892709f035d |
| files | plugins/mod_s2s/mod_s2s.lua |
| diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_s2s/mod_s2s.lua Sun Aug 04 17:33:00 2013 +0200 +++ b/plugins/mod_s2s/mod_s2s.lua Mon Aug 05 20:47:38 2013 +0200 @@ -642,7 +642,7 @@ must_secure = false; end - if must_secure and not session.cert_identity_status then + if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then module:log("warn", "Forbidding insecure connection to/from %s", host); if session.direction == "incoming" then session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host });
