9 |
9 |
10 module:hook("s2s-check-certificate", function(event) |
10 module:hook("s2s-check-certificate", function(event) |
11 local session, host, cert = event.session, event.host, event.cert; |
11 local session, host, cert = event.session, event.host, event.cert; |
12 local conn = session.conn; |
12 local conn = session.conn; |
13 local log = session.log or log; |
13 local log = session.log or log; |
|
14 |
|
15 local secure_hostname = conn.extra and conn.extra.dane_hostname; |
14 |
16 |
15 if not cert then |
17 if not cert then |
16 log("warn", "No certificate provided by %s", host or "unknown host"); |
18 log("warn", "No certificate provided by %s", host or "unknown host"); |
17 return; |
19 return; |
18 end |
20 end |
35 log("debug", "certificate chain validation result: valid"); |
37 log("debug", "certificate chain validation result: valid"); |
36 session.cert_chain_status = "valid"; |
38 session.cert_chain_status = "valid"; |
37 |
39 |
38 -- We'll go ahead and verify the asserted identity if the |
40 -- We'll go ahead and verify the asserted identity if the |
39 -- connecting server specified one. |
41 -- connecting server specified one. |
|
42 if secure_hostname then |
|
43 if cert_verify_identity(secure_hostname, "xmpp-server", cert) then |
|
44 module:log("info", "Secure SRV name delegation %q -> %q", secure_hostname, host); |
|
45 session.cert_identity_status = "valid" |
|
46 else |
|
47 session.cert_identity_status = "invalid" |
|
48 end |
|
49 end |
40 if host then |
50 if host then |
41 if cert_verify_identity(host, "xmpp-server", cert) then |
51 if cert_verify_identity(host, "xmpp-server", cert) then |
42 session.cert_identity_status = "valid" |
52 session.cert_identity_status = "valid" |
43 else |
53 else |
44 session.cert_identity_status = "invalid" |
54 session.cert_identity_status = "invalid" |
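Review bot: At new lines 42–54 the host check still runs after the secure_hostname check and unconditionally overwrites `session.cert_identity_status`, so a certificate that matches only the delegated name is marked "valid" at line 45 and then "invalid" at line 54. If the delegation result is meant to count, guard the second check, e.g. `if host and session.cert_identity_status ~= "valid" then` at line 50; this assumes the field is not already set earlier in the handler, which the hunk does not show. Trusting `conn.extra.dane_hostname` as an identity is only sound if it is set solely from a DNSSEC-validated SRV answer, and that is not visible here, so a comment at line 15 stating the requirement would help. The handler body continues outside the hunk on both sides.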