plugins/mod_admin_shell.lua @ 13089:41598b7ec543
mod_admin_shell: Refactor 'cert' column
Removes some dead code and hopefully simplifies a bit.
There's a tree of possibilities with the two tri-state status
properties, something like
chain:
* nil -- cert validation disabled?
* invalid -- something wrong with the chain (including ee cert)
* valid -- chain ok
cert:
* nil -- incomplete validation??
* invalid -- mismatched names or such
* valid -- all good!
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 30 Apr 2023 23:45:55 +0200 |
parent | 13079:e7a5e5a0dc02 |
child | 13104:8c786880e28d |
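--- a/plugins/mod_admin_shell.lua
+++ b/plugins/mod_admin_shell.lua
@@ -900,21 +900,29 @@
 title = "Certificate";
 description = "Validation status of certificate";
 key = "cert_identity_status";
 width = math.max(#"Expired", #"Self-signed", #"Untrusted", #"Mismatched", #"Unknown");
 mapper = function(cert_status, session)
-if cert_status then return capitalize(cert_status); end
-if session.cert_chain_status == "invalid" then
+if cert_status == "invalid" then
+-- non-nil cert_identity_status implies valid chain, which covers just
+-- about every error condition except mismatched certificate names
+return "Mismatched";
+elseif cert_status then
+-- basically only "valid"
+return capitalize(cert_status);
+end
+-- no certificate status,
+if session.cert_chain_errors then
 local cert_errors = set.new(session.cert_chain_errors[1]);
 if cert_errors:contains("certificate has expired") then
 return "Expired";
 elseif cert_errors:contains("self signed certificate") then
 return "Self-signed";
 end
+-- Some other cert issue, or something up the chain
+-- TODO borrow more logic from mod_s2s/friendly_cert_error()
 return "Untrusted";
-elseif session.cert_identity_status == "invalid" then
-return "Mismatched";
 end
 return "Unknown";
 end;
 };
 sni = {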
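Review bot: The first branch of `mapper` (new lines 905-911) returns "Mismatched" or the capitalized status from `cert_status` alone, and the invariant it depends on, that a non-nil `cert_identity_status` implies a valid chain, is only asserted in a comment and never checked against `session.cert_chain_status`. If any code path outside this hunk sets the identity status while the chain failed validation, an operator reading this column would see "Valid" for a session that should show as untrusted. Consider making the assumption explicit, e.g. `elseif cert_status and session.cert_chain_status ~= "invalid" then`, so that such a session falls through to the `cert_chain_errors` branch, or name in the comment the module that enforces the invariant. Separately, the comment `-- no certificate status,` ends mid-sentence and could say what follows, e.g. `-- no identity status: classify by the recorded chain errors`.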