Merge 0.12->trunk

2025-04-06 06:37:37 +03:00 · 2022-04-25 15:09:53 +01:00 · 2022-04-25 15:09:53 +01:00 · fc5a8d7f4a
commit fc5a8d7f4a
parent f40337890e 0eef6dde1e
2 changed files with 13 additions and 2 deletions
--- a/plugins/mod_s2s.lua
+++ b/plugins/mod_s2s.lua
@ -343,6 +343,15 @@ function make_authenticated(event)
 			}, nil, "Could not establish encrypted connection to remote server");
 		end
 	end
+
+	if session.type == "s2sout_unauthed" and not session.authenticated_remote and secure_auth and not insecure_domains[host] then
+		session:close({
+			condition = "policy-violation";
+			text = "Failed to verify certificate (internal error)";
+		});
+		return;
+	end
+
 	if hosts[host] then
 		session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" });
 	end
@ -525,6 +534,8 @@ function stream_callbacks._streamopened(session, attr)
 		if session.secure and not session.cert_chain_status then
 			if check_cert_status(session) == false then
 				return;
+			else
+				session.authenticated_remote = true;
 			end
 		end

--- a/util/argparse.lua
+++ b/util/argparse.lua
@ -5,7 +5,7 @@ local function parse(arg, config)
 	local parsed_opts = {};

 	if #arg == 0 then
-		return parsed_opts;
+		return parsed_opts, arg;
 	end
 	while true do
 		local raw_param = arg[1];
@ -47,7 +47,7 @@ local function parse(arg, config)
 		end
 		parsed_opts[param_k] = param_v;
 	end
-	return parsed_opts;
+	return parsed_opts, arg;
 end

 return {