--- a/mod_s2s_auth_dnssec_srv/mod_s2s_auth_dnssec_srv.lua Sat Aug 03 01:16:31 2013 +0200
+++ b/mod_s2s_auth_dnssec_srv/mod_s2s_auth_dnssec_srv.lua Sat Aug 03 12:38:22 2013 +0200
@@ -19,8 +19,8 @@
module:hook("s2s-check-certificate", function(event)
local session, cert = event.session, event.cert;
- if session.cert_identity_status ~= "valid" and session.srv_choice
- and session.srv_hosts.answer and session.srv_hosts.answer.secure then
+ if session.cert_chain_status == "valid" and session.cert_identity_status ~= "valid"
+ and session.srv_choice and session.srv_hosts.answer and session.srv_hosts.answer.secure then
local srv_target = nameprep(to_unicode(session.srv_hosts[session.srv_choice].target:gsub("%.?$","")));
(session.log or module._log)("debug", "Comparing certificate with Secure SRV target %s", srv_target);
if srv_target and cert_verify_identity(srv_target, "xmpp-server", cert) then