prosody
078780f262d5
plugins/mod_s2s.lua
Software / code / prosody
Comparison
plugins/mod_s2s.lua @ 13516:078780f262d5
mod_s2s: Fix traceback due to type confusion (Thanks Menel)
The code assumed a 2-d sparse array but it could also be a string.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 26 Aug 2024 19:21:03 +0200 |
| parent | 13504:2159a206684e |
| child | 13534:d532176d4334 |
comparison
equal
deleted
inserted
replaced
| 13514:a1bc6533bbba | 13516:078780f262d5 |
|---|---|
| 984 end | 984 end |
| 985 | 985 |
| 986 -- Complete the sentence "Your certificate " with what's wrong | 986 -- Complete the sentence "Your certificate " with what's wrong |
| 987 local function friendly_cert_error(session) --> string | 987 local function friendly_cert_error(session) --> string |
| 988 if session.cert_chain_status == "invalid" then | 988 if session.cert_chain_status == "invalid" then |
| 989 if session.cert_chain_errors then | 989 if type(session.cert_chain_errors) == "table" then |
| 990 local cert_errors = set.new(session.cert_chain_errors[1]); | 990 local cert_errors = set.new(session.cert_chain_errors[1]); |
| 991 if cert_errors:contains("certificate has expired") then | 991 if cert_errors:contains("certificate has expired") then |
| 992 return "has expired"; | 992 return "has expired"; |
| 993 elseif cert_errors:contains("self signed certificate") then | 993 elseif cert_errors:contains("self signed certificate") then |
| 994 return "is self-signed"; | 994 return "is self-signed"; |
| 1004 return "has an expired certificate chain"; | 1004 return "has an expired certificate chain"; |
| 1005 elseif chain_errors:contains("no matching DANE TLSA records") then | 1005 elseif chain_errors:contains("no matching DANE TLSA records") then |
| 1006 return "does not match any DANE TLSA records"; | 1006 return "does not match any DANE TLSA records"; |
| 1007 end | 1007 end |
| 1008 end | 1008 end |
| 1009 -- TODO cert_chain_errors can be a string, handle that | |
| 1009 return "is not trusted"; -- for some other reason | 1010 return "is not trusted"; -- for some other reason |
| 1010 elseif session.cert_identity_status == "invalid" then | 1011 elseif session.cert_identity_status == "invalid" then |
| 1011 return "is not valid for this name"; | 1012 return "is not valid for this name"; |
| 1012 end | 1013 end |
| 1013 -- this should normally be unreachable except if no s2s auth module was loaded | 1014 -- this should normally be unreachable except if no s2s auth module was loaded |
