Mercurial > prosody-modules
view mod_s2s_auth_samecert/mod_s2s_auth_samecert.lua @ 6556:7477e97a9045
mod_firewall: Apply pre-reload state before re-reading config
This change makes load/reload a bit more robust. module.load() runs before
module.restore() and it reads from the config and updates the state (if
needed).
However, after this, module.restore() could run and apply the old state again.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sun, 24 May 2026 20:03:20 +0100 |
| parents | c9397cd5cfe6 |
| children |
line wrap: on
line source
module:set_global() local hosts = prosody.hosts; module:hook("s2s-check-certificate", function(event) local session, cert = event.session, event.cert; if not cert or session.direction ~= "incoming" then return end local outgoing = hosts[session.to_host].s2sout[session.from_host]; if outgoing and outgoing.type == "s2sout" and outgoing.secure and outgoing.conn:socket():getpeercertificate():pem() == cert:pem() then session.log("debug", "Certificate matches that of s2sout%s", tostring(outgoing):match("[a-f0-9]+$")); session.cert_identity_status = outgoing.cert_identity_status; session.cert_chain_status = outgoing.cert_chain_status; return true; end end, 1000);
