prosody
48121960983e
plugins/mod_s2s.lua
Software / code / prosody
Comparison
plugins/mod_s2s.lua @ 12472:48121960983e
mod_s2s: Recognise and report errors with CA or intermediate certs
Should be invoked for cases such as when the Let's Encrypt intermediate
certificate expired not too long ago.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 25 Apr 2022 14:36:56 +0200 |
| parent | 12462:11765f0605ec |
| child | 12473:bb85be686a01 |
comparison
equal
deleted
inserted
replaced
| 12471:a3b12eeedd4b | 12472:48121960983e |
|---|---|
| 916 if cert_errors:contains("certificate has expired") then | 916 if cert_errors:contains("certificate has expired") then |
| 917 return "has expired"; | 917 return "has expired"; |
| 918 elseif cert_errors:contains("self signed certificate") then | 918 elseif cert_errors:contains("self signed certificate") then |
| 919 return "is self-signed"; | 919 return "is self-signed"; |
| 920 end | 920 end |
| 921 | |
| 922 local chain_errors = set.new(session.cert_chain_errors[2]); | |
| 923 for i, e in pairs(session.cert_chain_errors) do | |
| 924 if i > 2 then chain_errors:add_list(e); end | |
| 925 end | |
| 926 if chain_errors:contains("certificate has expired") then | |
| 927 return "has an expired certificate chain"; | |
| 928 end | |
| 921 end | 929 end |
| 922 return "is not trusted"; -- for some other reason | 930 return "is not trusted"; -- for some other reason |
| 923 elseif session.cert_identity_status == "invalid" then | 931 elseif session.cert_identity_status == "invalid" then |
| 924 return "is not valid for this name"; | 932 return "is not valid for this name"; |
| 925 end | 933 end |
