# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1708547356 -3600
# Node ID 3c219effe707b4335de1db503e8f39ff84bbf06a
# Parent  3c80124452ed69d70c5b0c0a00a902bfec4c715e
mod_s2s_auth_certs: Handle potential string error

conn:ssl_peerverification() can now return a single error in case the
connection has been closed for whatever reason

diff -r 3c80124452ed -r 3c219effe707 plugins/mod_s2s_auth_certs.lua
--- a/plugins/mod_s2s_auth_certs.lua	Sun Jan 21 22:59:50 2024 +0100
+++ b/plugins/mod_s2s_auth_certs.lua	Wed Feb 21 21:29:16 2024 +0100
@@ -1,7 +1,6 @@
 module:set_global();
 
 local cert_verify_identity = require "prosody.util.x509".verify_identity;
-local NULL = {};
 local log = module._log;
 
 local measure_cert_statuses = module:metric("counter", "checked", "", "Certificate validation results",
@@ -23,8 +22,12 @@
 	-- Is there any interest in printing out all/the number of errors here?
 	if not chain_valid then
 		log("debug", "certificate chain validation result: invalid");
-		for depth, t in pairs(errors or NULL) do
-			log("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", "))
+		if type(errors) == "table" then
+			for depth, t in pairs(errors) do
+				log("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", "));
+			end
+		else
+			log("debug", "certificate error: %s", errors);
 		end
 		session.cert_chain_status = "invalid";
 		session.cert_chain_errors = errors;