view mod_s2s_auth_samecert/mod_s2s_auth_samecert.lua @ 6317:7b693a5539ad

mod_auth_http_async: Update documentation The required async APIs were included in 0.10.0, but at the time of this writing we only consider 0.12.x and later supported. The fallback sync API would have made it work with even earlier versions, but I don't remember specifically and it doesn't matter.
author Kim Alvefur <zash@zash.se>
date Tue, 02 Sep 2025 21:32:01 +0200
parents c9397cd5cfe6
children
line wrap: on
line source

module:set_global()

local hosts = prosody.hosts;

module:hook("s2s-check-certificate", function(event)
	local session, cert = event.session, event.cert;
	if not cert or session.direction ~= "incoming" then return end

	local outgoing = hosts[session.to_host].s2sout[session.from_host];
	if outgoing and outgoing.type == "s2sout" and outgoing.secure and outgoing.conn:socket():getpeercertificate():pem() == cert:pem() then
		session.log("debug", "Certificate matches that of s2sout%s", tostring(outgoing):match("[a-f0-9]+$"));
		session.cert_identity_status = outgoing.cert_identity_status;
		session.cert_chain_status = outgoing.cert_chain_status;
		return true;
	end
end, 1000);