equal
deleted
inserted
replaced
292 end |
292 end |
293 if is_match and cacert:issued(cert, unpack(chain)) then |
293 if is_match and cacert:issued(cert, unpack(chain)) then |
294 log("info", "DANE validated ok for %s using %s", host, tlsa:getUsage()); |
294 log("info", "DANE validated ok for %s using %s", host, tlsa:getUsage()); |
295 if use == 2 then -- DANE-TA |
295 if use == 2 then -- DANE-TA |
296 session.cert_identity_status = "valid"; |
296 session.cert_identity_status = "valid"; |
297 session.cert_chain_status = "valid"; |
297 if cert_verify_identity(host, "xmpp-server", cert) then |
|
298 session.cert_chain_status = "valid"; |
|
299 -- else -- TODO Check against SRV target? |
|
300 end |
298 -- for usage 0, PKIX-CA, identity and chain has to be valid already |
301 -- for usage 0, PKIX-CA, identity and chain has to be valid already |
299 end |
302 end |
300 match_found = true; |
303 match_found = true; |
301 break; |
304 break; |
302 end |
305 end |