diff options
author | Kim Alvefur <zash@zash.se> | 2013-08-06 14:35:03 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2013-08-06 14:35:03 +0200 |
commit | 132f38d70aa6187f55474b583702e57260eee311 (patch) | |
tree | 43e921f6bd3937398e258a64aa064ae01360625e | |
parent | 6b7b6e0e7b6afa7964e22a4af1bf117f17dbff9c (diff) | |
parent | a316833b30b2e58f75ca808f0006c877b52f7d01 (diff) | |
download | prosody-132f38d70aa6187f55474b583702e57260eee311.tar.gz prosody-132f38d70aa6187f55474b583702e57260eee311.zip |
Merge 0.9->trunk
-rw-r--r-- | plugins/mod_admin_telnet.lua | 2 | ||||
-rw-r--r-- | plugins/mod_s2s/mod_s2s.lua | 5 | ||||
-rw-r--r-- | util-src/hashes.c | 2 |
3 files changed, 5 insertions, 4 deletions
diff --git a/plugins/mod_admin_telnet.lua b/plugins/mod_admin_telnet.lua index 6fc378bb..18ae4fe0 100644 --- a/plugins/mod_admin_telnet.lua +++ b/plugins/mod_admin_telnet.lua @@ -670,7 +670,7 @@ end -- I think there's going to be more confusion among operators if we -- break from that. local function print_errors(print, errors) - for depth, t in ipairs(errors) do + for depth, t in pairs(errors) do print( (" %d: %s"):format( depth-1, diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index b6614d2f..c628dc47 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -246,7 +246,7 @@ local function check_cert_status(session) -- Is there any interest in printing out all/the number of errors here? if not chain_valid then (session.log or log)("debug", "certificate chain validation result: invalid"); - for depth, t in ipairs(errors or NULL) do + for depth, t in pairs(errors or NULL) do (session.log or log)("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", ")) end session.cert_chain_status = "invalid"; @@ -262,6 +262,7 @@ local function check_cert_status(session) else session.cert_identity_status = "invalid" end + (session.log or log)("debug", "certificate identity validation result: %s", session.cert_identity_status); end end end @@ -658,7 +659,7 @@ function check_auth_policy(event) must_secure = false; end - if must_secure and not session.cert_identity_status then + if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then module:log("warn", "Forbidding insecure connection to/from %s", host); if session.direction == "incoming" then session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host }); diff --git a/util-src/hashes.c b/util-src/hashes.c index 39737ae0..ad25c1a7 100644 --- a/util-src/hashes.c +++ b/util-src/hashes.c @@ -85,7 +85,7 @@ static void hmac(struct hash_desc *desc, const char *key, size_t key_len, if (key_len > 64) { desc->Init(desc->ctx); desc->Update(desc->ctx, key, key_len); - desc->Final(desc->ctx, hashedKey); + desc->Final(hashedKey, desc->ctx); key = (const char*)hashedKey; key_len = desc->digestLength; } |