mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-05 22:27:38 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod_s2s: Improve policy check

Browse source
This commit is contained in:
Kim Alvefur 2013-08-05 20:47:38 +02:00
parent 47ec51ca07
commit bb9aa809b1
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
plugins/mod_s2s/mod_s2s.lua
View file

@ -642,7 +642,7 @@ function check_auth_policy(event)
must_secure = false; must_secure = false;
end end
if must_secure and not session.cert_identity_status then if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
module:log("warn", "Forbidding insecure connection to/from %s", host); module:log("warn", "Forbidding insecure connection to/from %s", host);
if session.direction == "incoming" then if session.direction == "incoming" then
session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host }); session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host });