Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_s2s: Improve policy check
authorKim Alvefur <zash@zash.se>
Mon, 05 Aug 2013 20:47:38 +0200
changeset 5767 3a30ad76a86a
parent 5766 e6a9085f0ac3
child 5768 c892709f035d
mod_s2s: Improve policy check
plugins/mod_s2s/mod_s2s.lua file | annotate | diff | comparison | revisions 
--- a/plugins/mod_s2s/mod_s2s.lua	Sun Aug 04 17:33:00 2013 +0200
+++ b/plugins/mod_s2s/mod_s2s.lua	Mon Aug 05 20:47:38 2013 +0200
@@ -642,7 +642,7 @@
 		must_secure = false;
 	end
 	
-	if must_secure and not session.cert_identity_status then
+	if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
 		module:log("warn", "Forbidding insecure connection to/from %s", host);
 		if session.direction == "incoming" then
 			session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host });
prosody