annotate mod_s2s_auth_samecert/mod_s2s_auth_samecert.lua @ 6083:ffd0184cd478

mod_compliance_latest: New module that depends on and therefore loads the latest compliance tester mod. diff --git a/mod_compliance_latest/README.md b/mod_compliance_latest/README.md new file mode 100644 --- /dev/null +++ b/mod_compliance_latest/README.md @@ -0,0 +1,25 @@ +--- +summary: XMPP Compliance Suites self-test +labels: +- Stage-Beta +rockspec: + dependencies: + - mod_compliance_2023 +... + +# Introduction + +This module will always require and load to the lastest compliance tester we have in the community modules. +Currently this is [mod_compliance_2023]. + +# Configuration + +Just load this module as any other module and it will automatically install [mod_compliance_2023] if you use the Prosody plugin installer. +See the linked module for further details. + +# Compatibility + + Prosody-Version Status + --------------- ---------------------- + trunk Works as of 2024-12-22 + 0.12 Works diff --git a/mod_compliance_latest/mod_compliance_latest.lua b/mod_compliance_latest/mod_compliance_latest.lua new file mode 100644 --- /dev/null +++ b/mod_compliance_latest/mod_compliance_latest.lua @@ -0,0 +1,1 @@ +module:depends("compliance_2023");
author Menel <menel@snikket.de>
date Sun, 22 Dec 2024 18:12:42 +0100
parents c9397cd5cfe6
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2204
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 module:set_global()
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 local hosts = prosody.hosts;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 module:hook("s2s-check-certificate", function(event)
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 local session, cert = event.session, event.cert;
4675
c9397cd5cfe6 mod_s2s_auth_samecert: Handle lack of provided client certificate
Kim Alvefur <zash@zash.se>
parents: 2234
diff changeset
7 if not cert or session.direction ~= "incoming" then return end
c9397cd5cfe6 mod_s2s_auth_samecert: Handle lack of provided client certificate
Kim Alvefur <zash@zash.se>
parents: 2234
diff changeset
8
2204
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 local outgoing = hosts[session.to_host].s2sout[session.from_host];
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 if outgoing and outgoing.type == "s2sout" and outgoing.secure and outgoing.conn:socket():getpeercertificate():pem() == cert:pem() then
2234
3024116d6093 mod_s2s_auth_samecert: Log which s2sout has a matching cert
Kim Alvefur <zash@zash.se>
parents: 2204
diff changeset
11 session.log("debug", "Certificate matches that of s2sout%s", tostring(outgoing):match("[a-f0-9]+$"));
2204
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 session.cert_identity_status = outgoing.cert_identity_status;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 session.cert_chain_status = outgoing.cert_chain_status;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 return true;
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 end
affccf479f89 mod_s2s_auth_samecert: Authenticate incoming s2s connection if certificate matches that of an established outgoing s2s connection
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 end, 1000);