--- a/mod_auth_ccert/mod_auth_ccert.lua Wed Feb 26 13:08:47 2014 -0800
+++ b/mod_auth_ccert/mod_auth_ccert.lua Fri Feb 28 15:36:06 2014 +0100
@@ -60,7 +60,7 @@
function get_sasl_handler(session)
return new_sasl(module.host, {
external = session.secure and function(authz)
- if not session.secure then
+ if not session.secure or not session.conn:ssl() then
-- getpeercertificate() on a TCP connection would be bad, abort!
(session.log or log)("error", "How did you manage to select EXTERNAL without TLS?");
return nil, false;