diff options
author | Matthew Wild <mwild1@gmail.com> | 2022-04-25 15:09:53 +0100 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2022-04-25 15:09:53 +0100 |
commit | fc5a8d7f4a909e60fc89a495a57950c1f4eb6166 (patch) | |
tree | 4f6ffd64999dcae04f02cda682a42846034dfa53 | |
parent | f40337890ee71a17a80f86af3e2789f3a508b94d (diff) | |
parent | 0eef6dde1e3193ec86f949acc114e91c36c5f365 (diff) | |
download | prosody-fc5a8d7f4a909e60fc89a495a57950c1f4eb6166.tar.gz prosody-fc5a8d7f4a909e60fc89a495a57950c1f4eb6166.zip |
Merge 0.12->trunk
-rw-r--r-- | plugins/mod_s2s.lua | 11 | ||||
-rw-r--r-- | util/argparse.lua | 4 |
2 files changed, 13 insertions, 2 deletions
diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua index 5f60e01c..2f3815c4 100644 --- a/plugins/mod_s2s.lua +++ b/plugins/mod_s2s.lua @@ -343,6 +343,15 @@ function make_authenticated(event) }, nil, "Could not establish encrypted connection to remote server"); end end + + if session.type == "s2sout_unauthed" and not session.authenticated_remote and secure_auth and not insecure_domains[host] then + session:close({ + condition = "policy-violation"; + text = "Failed to verify certificate (internal error)"; + }); + return; + end + if hosts[host] then session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" }); end @@ -525,6 +534,8 @@ function stream_callbacks._streamopened(session, attr) if session.secure and not session.cert_chain_status then if check_cert_status(session) == false then return; + else + session.authenticated_remote = true; end end diff --git a/util/argparse.lua b/util/argparse.lua index c08a857c..6d227b5b 100644 --- a/util/argparse.lua +++ b/util/argparse.lua @@ -5,7 +5,7 @@ local function parse(arg, config) local parsed_opts = {}; if #arg == 0 then - return parsed_opts; + return parsed_opts, arg; end while true do local raw_param = arg[1]; @@ -47,7 +47,7 @@ local function parse(arg, config) end parsed_opts[param_k] = param_v; end - return parsed_opts; + return parsed_opts, arg; end return { |