diff options
| author | Kim Alvefur <zash@zash.se> | 2013-08-05 20:47:38 +0200 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2013-08-05 20:47:38 +0200 |
| commit | e7a6270495046595455503285d52fe24a0ac219f (patch) | |
| tree | 6d2e180589faba849006a0d850bcb4d7de396664 /plugins | |
| parent | 9ca3a6fd012fd2da7d83af3514ff81d5ccf5c5f5 (diff) | |
| download | prosody-e7a6270495046595455503285d52fe24a0ac219f.tar.gz prosody-e7a6270495046595455503285d52fe24a0ac219f.zip | |
mod_s2s: Improve policy check
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/mod_s2s/mod_s2s.lua | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index ccf85012..95015526 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -642,7 +642,7 @@ function check_auth_policy(event) must_secure = false; end - if must_secure and not session.cert_identity_status then + if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then module:log("warn", "Forbidding insecure connection to/from %s", host); if session.direction == "incoming" then session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host }); |