--- a/plugins/mod_admin_telnet.lua Fri Aug 02 15:40:21 2013 +0200
+++ b/plugins/mod_admin_telnet.lua Tue Aug 06 14:35:03 2013 +0200
@@ -670,7 +670,7 @@
-- I think there's going to be more confusion among operators if we
-- break from that.
local function print_errors(print, errors)
- for depth, t in ipairs(errors) do
+ for depth, t in pairs(errors) do
print(
(" %d: %s"):format(
depth-1,
--- a/plugins/mod_s2s/mod_s2s.lua Fri Aug 02 15:40:21 2013 +0200
+++ b/plugins/mod_s2s/mod_s2s.lua Tue Aug 06 14:35:03 2013 +0200
@@ -246,7 +246,7 @@
-- Is there any interest in printing out all/the number of errors here?
if not chain_valid then
(session.log or log)("debug", "certificate chain validation result: invalid");
- for depth, t in ipairs(errors or NULL) do
+ for depth, t in pairs(errors or NULL) do
(session.log or log)("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", "))
end
session.cert_chain_status = "invalid";
@@ -262,6 +262,7 @@
else
session.cert_identity_status = "invalid"
end
+ (session.log or log)("debug", "certificate identity validation result: %s", session.cert_identity_status);
end
end
end
@@ -658,7 +659,7 @@
must_secure = false;
end
- if must_secure and not session.cert_identity_status then
+ if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
module:log("warn", "Forbidding insecure connection to/from %s", host);
if session.direction == "incoming" then
session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host });
--- a/util-src/hashes.c Fri Aug 02 15:40:21 2013 +0200
+++ b/util-src/hashes.c Tue Aug 06 14:35:03 2013 +0200
@@ -85,7 +85,7 @@
if (key_len > 64) {
desc->Init(desc->ctx);
desc->Update(desc->ctx, key, key_len);
- desc->Final(desc->ctx, hashedKey);
+ desc->Final(hashedKey, desc->ctx);
key = (const char*)hashedKey;
key_len = desc->digestLength;
}