prosody
b2331f3dfeea
plugins/mod_s2s_auth_certs.lua
Software / code / prosody
Comparison
plugins/mod_s2s_auth_certs.lua @ 11120:b2331f3dfeea
Merge 0.11->trunk
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Wed, 30 Sep 2020 09:50:33 +0100 |
| parent | 10454:6c3fccb75b38 |
| child | 11835:a405884c62f4 |
comparison
equal
deleted
inserted
replaced
| 11119:68df52bf08d5 | 11120:b2331f3dfeea |
|---|---|
| 15 end | 15 end |
| 16 | 16 |
| 17 local chain_valid, errors; | 17 local chain_valid, errors; |
| 18 if conn.getpeerverification then | 18 if conn.getpeerverification then |
| 19 chain_valid, errors = conn:getpeerverification(); | 19 chain_valid, errors = conn:getpeerverification(); |
| 20 elseif conn.getpeerchainvalid then -- COMPAT mw/luasec-hg | |
| 21 chain_valid, errors = conn:getpeerchainvalid(); | |
| 22 errors = (not chain_valid) and { { errors } } or nil; | |
| 23 else | 20 else |
| 24 chain_valid, errors = false, { { "Chain verification not supported by this version of LuaSec" } }; | 21 chain_valid, errors = false, { { "Chain verification not supported by this version of LuaSec" } }; |
| 25 end | 22 end |
| 26 -- Is there any interest in printing out all/the number of errors here? | 23 -- Is there any interest in printing out all/the number of errors here? |
| 27 if not chain_valid then | 24 if not chain_valid then |
| 28 log("debug", "certificate chain validation result: invalid"); | 25 log("debug", "certificate chain validation result: invalid"); |
| 29 for depth, t in pairs(errors or NULL) do | 26 for depth, t in pairs(errors or NULL) do |
| 30 log("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", ")) | 27 log("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", ")) |
| 31 end | 28 end |
| 32 session.cert_chain_status = "invalid"; | 29 session.cert_chain_status = "invalid"; |
| 30 session.cert_chain_errors = errors; | |
| 33 else | 31 else |
| 34 log("debug", "certificate chain validation result: valid"); | 32 log("debug", "certificate chain validation result: valid"); |
| 35 session.cert_chain_status = "valid"; | 33 session.cert_chain_status = "valid"; |
| 36 | 34 |
| 37 -- We'll go ahead and verify the asserted identity if the | 35 -- We'll go ahead and verify the asserted identity if the |
