# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1743533398 -7200
# Node ID eef9a2a53dcbb0c2d73554eb5851082d87e4f05d
# Parent  e128ed4494f349dad44d5d86dadb2405ba5839f5
mod_tls: Collect full certificate chain validation information

Enabling at least one of the ssl.verifyext modes enables a callback that
collects all the errors, which are used by mod_s2s to report better
problem descriptions.

diff -r e128ed4494f3 -r eef9a2a53dcb plugins/mod_tls.lua
--- a/plugins/mod_tls.lua	Tue Apr 01 20:42:53 2025 +0200
+++ b/plugins/mod_tls.lua	Tue Apr 01 20:49:58 2025 +0200
@@ -63,7 +63,8 @@
 
 	module:log("debug", "Creating context for s2sout");
 	-- for outgoing server connections
-	ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s, xmpp_alpn);
+	ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s, xmpp_alpn,
+		custom_cert_verification);
 	if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", err_s2sout); end
 
 	module:log("debug", "Creating context for s2sin");