mod_s2s: Improve policy check

author: Kim Alvefur <zash@zash.se> 2013-08-05 20:47:38 +0200
committer: Kim Alvefur <zash@zash.se> 2013-08-05 20:47:38 +0200
commit: bb9aa809b19f95a01e8a721255cd076f80e5417d (patch)
tree: 6d2e180589faba849006a0d850bcb4d7de396664 /plugins/mod_s2s/mod_s2s.lua
parent: 47ec51ca0761ccb2b775a364a04811c4ee66e3a6 (diff)
download: prosody-bb9aa809b19f95a01e8a721255cd076f80e5417d.tar.gz
prosody-bb9aa809b19f95a01e8a721255cd076f80e5417d.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index ccf85012..95015526 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -642,7 +642,7 @@ function check_auth_policy(event)
 		must_secure = false;
 	end
 	
-	if must_secure and not session.cert_identity_status then
+	if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
 		module:log("warn", "Forbidding insecure connection to/from %s", host);
 		if session.direction == "incoming" then
 			session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host });
author	Kim Alvefur <zash@zash.se>	2013-08-05 20:47:38 +0200
committer	Kim Alvefur <zash@zash.se>	2013-08-05 20:47:38 +0200
commit	bb9aa809b19f95a01e8a721255cd076f80e5417d (patch)
tree	6d2e180589faba849006a0d850bcb4d7de396664 /plugins/mod_s2s/mod_s2s.lua
parent	47ec51ca0761ccb2b775a364a04811c4ee66e3a6 (diff)
download	prosody-bb9aa809b19f95a01e8a721255cd076f80e5417d.tar.gz prosody-bb9aa809b19f95a01e8a721255cd076f80e5417d.zip