229 session.cert_identity_status = "invalid"; |
229 session.cert_identity_status = "invalid"; |
230 session.cert_chain_status = "invalid"; |
230 session.cert_chain_status = "invalid"; |
231 end |
231 end |
232 else |
232 else |
233 if session.cert_chain_status == "valid" and session.cert_identity_status ~= "valid" |
233 if session.cert_chain_status == "valid" and session.cert_identity_status ~= "valid" |
234 and session.srv_hosts.answer and session.srv_hosts.answer.secure then |
234 and session.srv_hosts and session.srv_hosts.answer and session.srv_hosts.answer.secure then |
235 local srv_hosts, srv_choice, srv_target = session.srv_hosts, session.srv_choice; |
235 local srv_hosts, srv_choice, srv_target = session.srv_hosts, session.srv_choice; |
236 for i = srv_choice or 1, srv_choice or #srv_hosts do |
236 for i = srv_choice or 1, srv_choice or #srv_hosts do |
237 srv_target = nameprep(idna_to_unicode(session.srv_hosts[i].target:gsub("%.?$",""))); |
237 srv_target = nameprep(idna_to_unicode(session.srv_hosts[i].target:gsub("%.?$",""))); |
238 (session.log or module._log)("debug", "Comparing certificate with Secure SRV target %s", srv_target); |
238 (session.log or module._log)("debug", "Comparing certificate with Secure SRV target %s", srv_target); |
239 if srv_target and cert_verify_identity(srv_target, "xmpp-server", cert) then |
239 if srv_target and cert_verify_identity(srv_target, "xmpp-server", cert) then |