mod_s2s: Recognise and report errors with CA or intermediate certs

Should be invoked for cases such as when the Let's Encrypt intermediate
certificate expired not too long ago.
Kim Alvefur 2022-04-25 14:36:56 +02:00
parent 5db031e070
commit 192e0081ce


@ -918,6 +918,14 @@ local function friendly_cert_error(session) --> string
elseif cert_errors:contains("self signed certificate") then
return "is self-signed";
end
local chain_errors = set.new(session.cert_chain_errors[2]);
for i, e in pairs(session.cert_chain_errors) do
if i > 2 then chain_errors:add_list(e); end
end
if chain_errors:contains("certificate has expired") then
return "has an expired certificate chain";
end
end
return "is not trusted"; -- for some other reason
elseif session.cert_identity_status == "invalid" then
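Review bot: The chain errors are gathered in two steps, seeding the set from `session.cert_chain_errors[2]` and then adding only entries with `i > 2`, which is harder to follow than a single loop and leaves the index layout undocumented. One condition, `local chain_errors = set.new();` followed by `if i > 1 then chain_errors:add_list(e); end`, should gather the same entries. A comment above the loop such as `-- index 1 is the peer's own certificate; higher indexes are the intermediates and the CA` would record the layout the check relies on (inferred from the commit title, so worth confirming). Only "certificate has expired" is recognised for the chain, so any other chain-level failure is still reported as "is not trusted" to an operator diagnosing a rejected s2s connection. friendly_cert_error begins and ends outside the hunk.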