aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_s2s
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2013-08-05 20:47:38 +0200
committerKim Alvefur <zash@zash.se>2013-08-05 20:47:38 +0200
commitb8347b9dc1586f95989a9c131ea38e88df68d2a0 (patch)
tree6d2e180589faba849006a0d850bcb4d7de396664 /plugins/mod_s2s
parentca8306b25bd7b99e30b14ac6525ec66ac6d95bd3 (diff)
downloadprosody-b8347b9dc1586f95989a9c131ea38e88df68d2a0.tar.gz
prosody-b8347b9dc1586f95989a9c131ea38e88df68d2a0.zip
mod_s2s: Improve policy check
Diffstat (limited to 'plugins/mod_s2s')
-rw-r--r--plugins/mod_s2s/mod_s2s.lua2
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index ccf85012..95015526 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -642,7 +642,7 @@ function check_auth_policy(event)
must_secure = false;
end
- if must_secure and not session.cert_identity_status then
+ if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
module:log("warn", "Forbidding insecure connection to/from %s", host);
if session.direction == "incoming" then
session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host });