plugins/mod_s2s.lua @ 12472:48121960983e
mod_s2s: Recognise and report errors with CA or intermediate certs
Should be invoked for cases such as when the Let's Encrypt intermediate
certificate expired not too long ago.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 25 Apr 2022 14:36:56 +0200 |
parent | 12462:11765f0605ec |
child | 12473:bb85be686a01 |
--- a/plugins/mod_s2s.lua Sun Apr 24 16:17:32 2022 +0200 +++ b/plugins/mod_s2s.lua Mon Apr 25 14:36:56 2022 +0200 @@ -918,6 +918,14 @@ elseif cert_errors:contains("self signed certificate") then return "is self-signed"; end + + local chain_errors = set.new(session.cert_chain_errors[2]); + for i, e in pairs(session.cert_chain_errors) do + if i > 2 then chain_errors:add_list(e); end + end + if chain_errors:contains("certificate has expired") then + return "has an expired certificate chain"; + end end return "is not trusted"; -- for some other reason elseif session.cert_identity_status == "invalid" then
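Review bot: the added block reads `session.cert_chain_errors[2]` directly and then walks the rest with `pairs()` and `i > 2`, which assumes the table always has a second entry and only numeric keys. If a peer presents only a leaf certificate, entry 2 may be absent, so either confirm that `set.new()` accepts nil or guard it with `session.cert_chain_errors[2] or {}`. A numeric loop, `for i = 2, #session.cert_chain_errors do chain_errors:add_list(session.cert_chain_errors[i]); end`, would fold the special case for index 2 into the loop and avoid comparing a non-numeric key against 2. A one-line comment saying that index 1 is presumably the peer's own certificate and higher indices are the intermediates and CA would document why the loop skips it. Note also that only "certificate has expired" is reported for the chain, so every other chain-level error still falls through to "is not trusted"; if that is intentional, say so in the comment.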