+ local to, from = nameprep(attr.to), nameprep(attr.from);
+
+ if not hosts[to] then
+ -- Not a host that we serve
+ origin.log("warn", "%s tried to connect to %s, which we don't serve", from, to);
+ origin:close("host-unknown");
+ return true;
+ elseif not from then
+ origin:close("improper-addressing");
+ end
+
+ if dwd and origin.secure then
+ if check_cert_status(origin, from) == false then
+ return
+ elseif origin.cert_chain_status == "valid" and origin.cert_identity_status == "valid" then
+ origin.sends2s(st.stanza("db:result", { to = from, from = to, id = attr.id, type = "valid" }));
+ module:fire_event("s2s-authenticated", { session = origin, host = from });
+ return true;
+ end
+ end
+
+ origin.hosts[from] = { dialback_key = stanza[1] };
+
+ dialback_requests[from.."/"..origin.streamid] = origin;
+
+ -- COMPAT: ejabberd, gmail and perhaps others do not always set 'to' and 'from'
+ -- on streams. We fill in the session's to/from here instead.
+ if not origin.from_host then
+ origin.from_host = from;
+ end
+ if not origin.to_host then
+ origin.to_host = to;
+ end
+
+ origin.log("debug", "asking %s if key %s belongs to them", from, stanza[1]);
+ module:fire_event("route/remote", {
+ from_host = to, to_host = from;
+ stanza = st.stanza("db:verify", { from = to, to = from, id = origin.streamid }):text(stanza[1]);
+ });
+ return true;
+ end
+end);
+
+module:hook("stanza/jabber:server:dialback:verify", function(event)
+ local origin, stanza = event.origin, event.stanza;
+
+ if origin.type == "s2sout_unauthed" or origin.type == "s2sout" then