plugins/mod_s2s.lua
changeset 12480 d8a6e03a7161
parent 12477 bb85be686a01
parent 12478 8fac32810144
child 12484 7e9ebdc75ce4
--- a/plugins/mod_s2s.lua	Mon Apr 25 14:41:54 2022 +0200
+++ b/plugins/mod_s2s.lua	Mon Apr 25 15:09:53 2022 +0100
@@ -343,6 +343,15 @@
 			}, nil, "Could not establish encrypted connection to remote server");
 		end
 	end
+
+	if session.type == "s2sout_unauthed" and not session.authenticated_remote and secure_auth and not insecure_domains[host] then
+		session:close({
+			condition = "policy-violation";
+			text = "Failed to verify certificate (internal error)";
+		});
+		return;
+	end
+
 	if hosts[host] then
 		session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" });
 	end
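Review bot: The new guard closes the stream when `session.authenticated_remote` is unset but records nothing locally, so an operator cannot tell from the logs that certificate verification was skipped, even though the stream error text itself calls this an internal error. I would log before the close, e.g. `(session.log or log)("error", "Certificate check did not run for %s, refusing to authenticate", host);` (assuming the module's usual logger is in scope here). A comment above the `if` would also help, such as `-- Safety net: never authenticate an outgoing stream whose certificate check did not run`. The second hunk sets the flag only inside the `session.secure and not session.cert_chain_status` branch, and for any result other than `false`, so it appears to record that the check ran without rejecting rather than that a chain was validated; the comment should say so. The enclosing function starts and ends outside the hunk.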
@@ -525,6 +534,8 @@
 		if session.secure and not session.cert_chain_status then
 			if check_cert_status(session) == false then
 				return;
+			else
+				session.authenticated_remote = true;
 			end
 		end