Software `/` code `/` prosody

Comparison

plugins/mod_s2s_auth_certs.lua @ 12480:7e9ebdc75ce4

net: isolate LuaSec-specifics For this, various accessor functions are now provided directly on the sockets, which reach down into the LuaSec implementation to obtain the information. While this may seem of little gain at first, it hides the implementation detail of the LuaSec+LuaSocket combination that the actual socket and the TLS layer are separate objects. The net gain here is that an alternative implementation does not have to emulate that specific implementation detail and "only" has to expose LuaSec-compatible data structures on the new functions.

author	Jonas Schäfer <jonas@wielicki.name>
date	Wed, 27 Apr 2022 17:44:14 +0200
parent	11835:a405884c62f4
child	12808:12bd40b8e105

comparison

equal deleted inserted replaced

-:82270a6b1234
+:7e9ebdc75ce4
 local measure_cert_statuses = module:metric("counter", "checked", "", "Certificate validation results",
 	{ "chain"; "identity" })
 module:hook("s2s-check-certificate", function(event)
 	local session, host, cert = event.session, event.host, event.cert;
-	local conn = session.conn:socket();
+	local conn = session.conn;
 	local log = session.log or log;
 	if not cert then
 		log("warn", "No certificate provided by %s", host or "unknown host");
 		return;
 	end
 	local chain_valid, errors;
-	if conn.getpeerverification then
+	if conn.ssl_peerverification then
-		chain_valid, errors = conn:getpeerverification();
+		chain_valid, errors = conn:ssl_peerverification();
 	else
 		chain_valid, errors = false, { { "Chain verification not supported by this version of LuaSec" } };
 	end
 	-- Is there any interest in printing out all/the number of errors here?
 	if not chain_valid then

prosody

7e9ebdc75ce4

plugins/mod_s2s_auth_certs.lua

Software / code / prosody

Comparison

plugins/mod_s2s_auth_certs.lua @ 12480:7e9ebdc75ce4

Software `/` code `/` prosody