diff options
author | Kim Alvefur <zash@zash.se> | 2013-09-26 16:55:39 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2013-09-26 16:55:39 +0200 |
commit | aabb2521dc8a8bfe91bf1ef53b6d7355935e41c1 (patch) | |
tree | 0b7732fb5d7f98e0f0687278a8a2d337cb2d6c43 | |
parent | 01a163223200a3f0dea90b9a3ea97ddf4fd45a3b (diff) | |
download | prosody-aabb2521dc8a8bfe91bf1ef53b6d7355935e41c1.tar.gz prosody-aabb2521dc8a8bfe91bf1ef53b6d7355935e41c1.zip |
util.x509: Only compare identity with oid-on-xmppAddr for XMPP services
-rw-r--r-- | util/x509.lua | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/util/x509.lua b/util/x509.lua index 19d4ec6d..857f02a4 100644 --- a/util/x509.lua +++ b/util/x509.lua @@ -161,7 +161,9 @@ function verify_identity(host, service, cert) if sans[oid_xmppaddr] then had_supported_altnames = true - if compare_xmppaddr(host, sans[oid_xmppaddr]) then return true end + if service == "_xmpp-client" or service == "_xmpp-server" then + if compare_xmppaddr(host, sans[oid_xmppaddr]) then return true end + end end if sans[oid_dnssrv] then |