# HG changeset patch
# User Kim Alvefur
# Date 1682891155 -7200
# Node ID 41598b7ec54342a13f98a9e7dea1866ea9ec1362
# Parent 0fbb2b3fd4c04254be79deb54219d60059cf35e9
mod_admin_shell: Refactor 'cert' column Removes some dead code and hopefully simplifies a bit. There's a tree of possibilities with the two tri-state status properties, something like chain: * nil -- cert validation disabled? * invalid -- something wrong with the chain (including ee cert) * valid -- chain ok cert: * nil -- incomplete validation?? * invalid -- mismatched names or such * valid -- all good!
diff -r 0fbb2b3fd4c0 -r 41598b7ec543 plugins/mod_admin_shell.lua
--- a/plugins/mod_admin_shell.lua Sun Apr 23 10:42:07 2023 +0200
+++ b/plugins/mod_admin_shell.lua Sun Apr 30 23:45:55 2023 +0200
@@ -902,17 +902,25 @@
 key = "cert_identity_status";
 width = math.max(#"Expired", #"Self-signed", #"Untrusted", #"Mismatched", #"Unknown");
 mapper = function(cert_status, session)
- if cert_status then return capitalize(cert_status); end
- if session.cert_chain_status == "invalid" then
+ if cert_status == "invalid" then
+ -- non-nil cert_identity_status implies valid chain, which covers just
+ -- about every error condition except mismatched certificate names
+ return "Mismatched";
+ elseif cert_status then
+ -- basically only "valid"
+ return capitalize(cert_status);
+ end
+ -- no certificate status,
+ if session.cert_chain_errors then
 local cert_errors = set.new(session.cert_chain_errors[1]);
 if cert_errors:contains("certificate has expired") then
 return "Expired";
 elseif cert_errors:contains("self signed certificate") then
 return "Self-signed";
 end
+ -- Some other cert issue, or something up the chain
+ -- TODO borrow more logic from mod_s2s/friendly_cert_error()
 return "Untrusted";
- elseif session.cert_identity_status == "invalid" then
- return "Mismatched";
 end
 return "Unknown";
 end;
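Review bot: The guard on the chain branch in the `mapper` function now tests only whether `session.cert_chain_errors` exists, where the old code tested `session.cert_chain_status == "invalid"`, so the column's meaning depends on an invariant this hunk does not show. If the errors table can ever be present (even empty) while the chain status is valid or nil, the operator would see "Untrusted" for a session that was never judged invalid. Conversely, a session with an invalid chain but no errors table would fall through to "Unknown". Unless the code that sets these fields guarantees the two always move together, keeping the status in the condition is the safer reading for an admin-facing security indicator: `if session.cert_chain_status == "invalid" and session.cert_chain_errors then`. Otherwise, extend the `-- no certificate status,` comment to state that `cert_chain_errors` is only populated when chain validation failed. The enclosing column definition starts and ends outside the hunk.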