authorMatthew Wild <mwild1@gmail.com>2022-04-25 15:09:53 +0100
committerMatthew Wild <mwild1@gmail.com>2022-04-25 15:09:53 +0100
commitfc5a8d7f4a909e60fc89a495a57950c1f4eb6166 (patch)
tree4f6ffd64999dcae04f02cda682a42846034dfa53
parentf40337890ee71a17a80f86af3e2789f3a508b94d (diff)
parent0eef6dde1e3193ec86f949acc114e91c36c5f365 (diff)
downloadprosody-fc5a8d7f4a909e60fc89a495a57950c1f4eb6166.tar.gz
prosody-fc5a8d7f4a909e60fc89a495a57950c1f4eb6166.zip
Merge 0.12->trunk
-rw-r--r--plugins/mod_s2s.lua11
-rw-r--r--util/argparse.lua4
2 files changed, 13 insertions, 2 deletions
diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua
index 5f60e01c..2f3815c4 100644
--- a/plugins/mod_s2s.lua
+++ b/plugins/mod_s2s.lua
@@ -343,6 +343,15 @@ function make_authenticated(event)
}, nil, "Could not establish encrypted connection to remote server");
end
end
+
+ if session.type == "s2sout_unauthed" and not session.authenticated_remote and secure_auth and not insecure_domains[host] then
+ session:close({
+ condition = "policy-violation";
+ text = "Failed to verify certificate (internal error)";
+ });
+ return;
+ end
+
if hosts[host] then
session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" });
end
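Review bot: The new fail-closed guard in make_authenticated has no visible log call, so the only trace of a tripped guard is the stream error text "Failed to verify certificate (internal error)" passed to `session:close`. This branch should only be reached when an outgoing session gets here with `session.authenticated_remote` unset, which is exactly the event an operator would want to see, so log it before the close, e.g. `session.log("error", "Refusing to authenticate outgoing connection to %s: certificate was never checked", host);`. A short comment above the `if`, such as `-- Fail closed: never mark s2sout as authenticated unless the certificate check ran`, would also explain why the condition depends on `secure_auth` and `insecure_domains[host]`. The function body starts and continues outside the hunk.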
@@ -525,6 +534,8 @@ function stream_callbacks._streamopened(session, attr)
if session.secure and not session.cert_chain_status then
if check_cert_status(session) == false then
return;
+ else
+ session.authenticated_remote = true;
end
end
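Review bot: `session.authenticated_remote` is set in the `else` branch for any result of `check_cert_status(session)` other than `false`, including `nil`, so the name overstates what it records. It means the certificate check ran and did not reject the session, not that the remote identity was proven. A comment on the assignment would stop later readers from treating it as a trust decision on its own, e.g. `-- certificate check ran and did not veto; make_authenticated() requires this for s2sout`. The flag is only written on this `session.secure and not session.cert_chain_status` path, so any other code that fills `cert_chain_status` (not visible here) would presumably leave it unset and trip the guard added in make_authenticated; that is worth confirming. The enclosing function extends beyond the hunk.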
diff --git a/util/argparse.lua b/util/argparse.lua
index c08a857c..6d227b5b 100644
--- a/util/argparse.lua
+++ b/util/argparse.lua
@@ -5,7 +5,7 @@ local function parse(arg, config)
local parsed_opts = {};
if #arg == 0 then
- return parsed_opts;
+ return parsed_opts, arg;
end
while true do
local raw_param = arg[1];
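Review bot: parse() now returns `arg` as a second value here and at the final return in the second hunk of this file, but nothing documents the new contract. Because the loop reads `arg[1]`, the returned table is presumably the caller's own table with consumed options removed rather than a copy. A line above the function such as `-- Returns parsed_opts and the input table (modified in place) holding the remaining arguments` would make that explicit. Any other return paths inside the loop are outside the hunk, so it is worth checking that they stay consistent with the two-value shape. parse's body continues outside the hunk.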
@@ -47,7 +47,7 @@ local function parse(arg, config)
end
parsed_opts[param_k] = param_v;
end
- return parsed_opts;
+ return parsed_opts, arg;
end
return {