aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2013-09-26 16:55:39 +0200
committerKim Alvefur <zash@zash.se>2013-09-26 16:55:39 +0200
commitaabb2521dc8a8bfe91bf1ef53b6d7355935e41c1 (patch)
tree0b7732fb5d7f98e0f0687278a8a2d337cb2d6c43
parent01a163223200a3f0dea90b9a3ea97ddf4fd45a3b (diff)
downloadprosody-aabb2521dc8a8bfe91bf1ef53b6d7355935e41c1.tar.gz
prosody-aabb2521dc8a8bfe91bf1ef53b6d7355935e41c1.zip
util.x509: Only compare identity with oid-on-xmppAddr for XMPP services
-rw-r--r--util/x509.lua4
1 files changed, 3 insertions, 1 deletions
diff --git a/util/x509.lua b/util/x509.lua
index 19d4ec6d..857f02a4 100644
--- a/util/x509.lua
+++ b/util/x509.lua
@@ -161,7 +161,9 @@ function verify_identity(host, service, cert)
if sans[oid_xmppaddr] then
had_supported_altnames = true
- if compare_xmppaddr(host, sans[oid_xmppaddr]) then return true end
+ if service == "_xmpp-client" or service == "_xmpp-server" then
+ if compare_xmppaddr(host, sans[oid_xmppaddr]) then return true end
+ end
end
if sans[oid_dnssrv] then