aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2022-04-25 15:07:49 +0100
committerMatthew Wild <mwild1@gmail.com>2022-04-25 15:07:49 +0100
commitf86d1517ce1c6ad3eeebcfb9f57d3689f6f9e943 (patch)
tree44debe06df4f9ef201075d0ef46fc15f870845a4
parent89934124b819b592f5a56f7135c3b037c373d919 (diff)
downloadprosody-f86d1517ce1c6ad3eeebcfb9f57d3689f6f9e943.tar.gz
prosody-f86d1517ce1c6ad3eeebcfb9f57d3689f6f9e943.zip
mod_s2s: Improve robustness of outgoing s2s certificate verification
This change ensures we have positively verified the certificates of the server we are connecting to before marking the session as authenticated. It protects against situations where the verify-or-close stage of the connection was interrupted (e.g. due to an uncaught error). Thanks to Zash for discovery and testing.
-rw-r--r--plugins/mod_s2s.lua11
1 files changed, 11 insertions, 0 deletions
diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua
index 3ad0f521..e810c6cd 100644
--- a/plugins/mod_s2s.lua
+++ b/plugins/mod_s2s.lua
@@ -349,6 +349,15 @@ function make_authenticated(event)
}, nil, "Could not establish encrypted connection to remote server");
end
end
+
+ if session.type == "s2sout_unauthed" and not session.authenticated_remote and secure_auth and not insecure_domains[host] then
+ session:close({
+ condition = "policy-violation";
+ text = "Failed to verify certificate (internal error)";
+ });
+ return;
+ end
+
if hosts[host] then
session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" });
end
@@ -531,6 +540,8 @@ function stream_callbacks._streamopened(session, attr)
if session.secure and not session.cert_chain_status then
if check_cert_status(session) == false then
return;
+ else
+ session.authenticated_remote = true;
end
end