diff options
| -rw-r--r-- | plugins/mod_s2s.lua | 11 | ||||
| -rw-r--r-- | util/argparse.lua | 4 |
2 files changed, 13 insertions, 2 deletions
diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua index 5f60e01c..2f3815c4 100644 --- a/plugins/mod_s2s.lua +++ b/plugins/mod_s2s.lua @@ -343,6 +343,15 @@ function make_authenticated(event) }, nil, "Could not establish encrypted connection to remote server"); end end + + if session.type == "s2sout_unauthed" and not session.authenticated_remote and secure_auth and not insecure_domains[host] then + session:close({ + condition = "policy-violation"; + text = "Failed to verify certificate (internal error)"; + }); + return; + end + if hosts[host] then session:close({ condition = "undefined-condition", text = "Attempt to authenticate as a host we serve" }); end @@ -525,6 +534,8 @@ function stream_callbacks._streamopened(session, attr) if session.secure and not session.cert_chain_status then if check_cert_status(session) == false then return; + else + session.authenticated_remote = true; end end diff --git a/util/argparse.lua b/util/argparse.lua index c08a857c..6d227b5b 100644 --- a/util/argparse.lua +++ b/util/argparse.lua @@ -5,7 +5,7 @@ local function parse(arg, config) local parsed_opts = {}; if #arg == 0 then - return parsed_opts; + return parsed_opts, arg; end while true do local raw_param = arg[1]; @@ -47,7 +47,7 @@ local function parse(arg, config) end parsed_opts[param_k] = param_v; end - return parsed_opts; + return parsed_opts, arg; end return { |