util.x509: Only compare identity with oid-on-xmppAddr for XMPP services

author Kim Alvefur <zash@zash.se>

Thu, 26 Sep 2013 14:55:39 +0000 (16:55 +0200)

committer Kim Alvefur <zash@zash.se>

Thu, 26 Sep 2013 14:55:39 +0000 (16:55 +0200)
author Kim Alvefur <zash@zash.se>
Thu, 26 Sep 2013 14:55:39 +0000 (16:55 +0200)
committer Kim Alvefur <zash@zash.se>
Thu, 26 Sep 2013 14:55:39 +0000 (16:55 +0200)
diff --git a/util/x509.lua b/util/x509.lua

index 19d4ec6d791d5ca79268af567a989d480484b19a..857f02a409087e3dc8716ca2e4c8ba6f91ae9d82 100644 (file)
--- a/util/x509.lua
+++ b/util/x509.lua
@@ -161,7 +161,9 @@ function verify_identity(host, service, cert)
  
                 if sans[oid_xmppaddr] then
                         had_supported_altnames = true
-                       if compare_xmppaddr(host, sans[oid_xmppaddr]) then return true end
+                       if service == "_xmpp-client" or service == "_xmpp-server" then
+                               if compare_xmppaddr(host, sans[oid_xmppaddr]) then return true end
+                       end
                 end
  
                 if sans[oid_dnssrv] then
author	Kim Alvefur <zash@zash.se>
	Thu, 26 Sep 2013 14:55:39 +0000 (16:55 +0200)
committer	Kim Alvefur <zash@zash.se>
	Thu, 26 Sep 2013 14:55:39 +0000 (16:55 +0200)