From bb9aa809b19f95a01e8a721255cd076f80e5417d Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Mon, 5 Aug 2013 20:47:38 +0200
Subject: mod_s2s: Improve policy check
---
 plugins/mod_s2s/mod_s2s.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'plugins/mod_s2s/mod_s2s.lua')
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index ccf85012..95015526 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -642,7 +642,7 @@ function check_auth_policy(event)
 must_secure = false;
 end
- if must_secure and not session.cert_identity_status then
+ if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
 module:log("warn", "Forbidding insecure connection to/from %s", host);
 if session.direction == "incoming" then
 session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host });
-- 
cgit v1.2.3
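Review bot: The warning logged right after the new condition still records only the host, so an operator reading the log cannot tell whether the chain check or the identity check rejected the peer, or whether no status was set at all. Since the condition now depends on two fields, I would log both: `module:log("warn", "Forbidding insecure connection to/from %s (chain: %s, identity: %s)", host, tostring(session.cert_chain_status), tostring(session.cert_identity_status));`. The `tostring()` calls are there because either field is presumably nil when no certificate was verified. A one-line comment above the condition would also help, for example `-- only the exact string "valid" passes; any other or unset status fails closed`. check_auth_policy starts and ends outside this hunk, so how the outgoing direction is handled is not visible here.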