Changeset
1436:3944e364ba88
mod_s2s_auth_dane: Add some more info to log messages
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 13 Jun 2014 02:19:52 +0200 |
parents | 1435:cdc8f226a284 |
children | 1437:161bbe0b9dd3 |
files | mod_s2s_auth_dane/mod_s2s_auth_dane.lua |
diffstat | 1 files changed, 8 insertions(+), 4 deletions(-) [+] |
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Thu Jun 12 12:31:50 2014 +0200
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Fri Jun 13 02:19:52 2014 +0200
@@ -182,7 +182,7 @@
 local use, tlsa, match_found, supported_found, chain, leafcert, cacert, is_match;
 for i = 1, #dane do
 tlsa = dane[i].tlsa;
- module:log("debug", "TLSA %s %s %s %d bytes of data", tlsa:getUsage(), tlsa:getSelector(), tlsa:getMatchType(), #tlsa.data);
+ module:log("debug", "TLSA #%d %s %s %s %d bytes of data", i, tlsa:getUsage(), tlsa:getSelector(), tlsa:getMatchType(), #tlsa.data);
 use = tlsa.use;
 if enabled_uses:contains(use) then
@@ -194,7 +194,7 @@
 supported_found = true;
 end
 if is_match then
- log("info", "DANE validation successful");
+ log("info", "DANE validated ok using %s", tlsa:getUsage());
 session.cert_identity_status = "valid";
 if use == 3 then -- DANE-EE, chain status equals DNSSEC chain status
 session.cert_chain_status = "valid";
@@ -219,7 +219,7 @@
 break;
 end
 if is_match then
- log("info", "DANE validation successful");
+ log("info", "DANE validated ok using %s", tlsa:getUsage());
 if use == 2 then -- DANE-TA
 session.cert_identity_status = "valid";
 session.cert_chain_status = "valid";
@@ -235,7 +235,11 @@
 end
 if supported_found and not match_found or dane.bogus then -- No TLSA matched or response was bogus
- log("warn", "DANE validation failed");
+ local why = "No TLSA matched certificate";
+ if dane.bogus then
+ why = "Bogus: "..tostring(dane.bogus);
+ end
+ log("warn", "DANE validation failed: %s", why);
 session.cert_identity_status = "invalid";
 session.cert_chain_status = "invalid";
 end
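Review bot: The new success message in the hunk at line 194 (and the identical one in the hunk at 219) names only the certificate usage, so when several TLSA records share a usage the info-level log cannot say which record authenticated the peer. The debug line changed in the first hunk already prints the record index, selector and match type, but debug logging is commonly disabled in production, which leaves this info line as the only audit trail for an accepted s2s certificate. Consider `log("info", "DANE validated ok using TLSA #%d: %s %s %s", i, tlsa:getUsage(), tlsa:getSelector(), tlsa:getMatchType());`. This assumes both call sites sit inside the `for i = 1, #dane do` loop, whose body extends beyond what these hunks show.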
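Review bot: `tostring(dane.bogus)` is concatenated into the warn-level failure message in the hunk at line 235 with nothing stating what that field holds. The `tostring()` suggests it is not always a string; if it can be a bare `true` the entry reads "Bogus: true", and if it is the resolver's reason text it is presumably derived from the DNS response and reaches the log verbatim. A short comment above the assignment naming the expected type and origin would help, and replacing control characters keeps the entry on a single line for log parsers: `why = "Bogus: "..(tostring(dane.bogus):gsub("%c", " "));`. The enclosing function begins outside the hunk, so where `dane.bogus` is set cannot be confirmed from here.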