mod_tls: Collect full certificate chain validation information Enabling at least one of the ssl.verifyext modes enables a callback that collects all the errors, which are used by mod_s2s to report better problem descriptions.

author: Kim Alvefur <zash@zash.se>
date: Tue, 01 Apr 2025 20:49:58 +0200
parent: 13801:a5d5fefb8b68
--- a/plugins/mod_tls.lua	Tue Apr 01 20:42:53 2025 +0200
+++ b/plugins/mod_tls.lua	Tue Apr 01 20:49:58 2025 +0200
@@ -63,7 +63,8 @@
 
 	module:log("debug", "Creating context for s2sout");
 	-- for outgoing server connections
-	ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s, xmpp_alpn);
+	ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s, xmpp_alpn,
+		custom_cert_verification);
 	if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", err_s2sout); end
 
 	module:log("debug", "Creating context for s2sin");