mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-03 05:07:42 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod_s2s: Fix reporting of DANE mismatch

Browse source 
Thought it was a case mismatch at first, fixed that, but it changed
nothing because the error was in the leaf part of the errors, not the
chain part.
This commit is contained in:
Kim Alvefur 2023-08-05 20:41:24 +02:00
parent f8a2c4d7ab
commit b5d791c8bf
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
plugins/mod_s2s.lua
View file

@ -963,6 +963,8 @@ local function friendly_cert_error(session) --> string
return "has expired";
elseif cert_errors:contains("self signed certificate") then
return "is self-signed";
elseif cert_errors:contains("no matching DANE TLSA records") then
return "does not match any DANE TLSA records";
end
local chain_errors = set.new(session.cert_chain_errors[2]);
@ -971,7 +973,7 @@ local function friendly_cert_error(session) --> string
end
if chain_errors:contains("certificate has expired") then
return "has an expired certificate chain";
elseif chain_errors:contains("No matching DANE TLSA records") then
elseif chain_errors:contains("no matching DANE TLSA records") then
return "does not match any DANE TLSA records";
end
end