Diff

mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 2003:8ccf347c7753

mod_s2s_auth_dane: Warn only if there enabled uses that can't be supported
author Kim Alvefur <zash@zash.se>
date Mon, 11 Jan 2016 15:45:09 +0100
parent 1972:b10118d7c0df
child 2032:6645838c6475
line wrap: on
line diff
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Sun Jan 10 04:58:14 2016 +0100
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Mon Jan 11 15:45:09 2016 +0100
@@ -57,11 +57,15 @@
 		implemented_uses:add("DANE-TA");
 		implemented_uses:add("PKIX-CA");
 	else
-		module:log("warn", "Unable to support DANE-TA and PKIX-CA");
+		module:log("debug", "The cert:issued() method is unavailable, DANE-TA and PKIX-CA can't be enabled");
 	end
 end
 local configured_uses = module:get_option_set("dane_uses", { "DANE-EE", "DANE-TA" });
 local enabled_uses = set.intersection(implemented_uses, configured_uses) / function(use) return use_map[use] end;
+local unsupported = configured_uses - implemented_uses;
+if not unsupported:empty() then
+	module:log("warn", "Unable to support DANE uses %s", tostring(unsupported));
+end
 
 -- Find applicable TLSA records
 -- Takes a s2sin/out and a callback