Changeset

12472:48121960983e

mod_s2s: Recognise and report errors with CA or intermediate certs

Should be invoked for cases such as when the Let's Encrypt intermediate certificate expired not too long ago.
author Kim Alvefur <zash@zash.se>
date Mon, 25 Apr 2022 14:36:56 +0200
parents 12471:a3b12eeedd4b
children 12473:bb85be686a01
files plugins/mod_s2s.lua
diffstat 1 files changed, 8 insertions(+), 0 deletions(-) [+]
--- a/plugins/mod_s2s.lua	Sun Apr 24 16:17:32 2022 +0200
+++ b/plugins/mod_s2s.lua	Mon Apr 25 14:36:56 2022 +0200
@@ -918,6 +918,14 @@
 			elseif cert_errors:contains("self signed certificate") then
 				return "is self-signed";
 			end
+
+			local chain_errors = set.new(session.cert_chain_errors[2]);
+			for i, e in pairs(session.cert_chain_errors) do
+				if i > 2 then chain_errors:add_list(e); end
+			end
+			if chain_errors:contains("certificate has expired") then
+				return "has an expired certificate chain";
+			end
 		end
 		return "is not trusted"; -- for some other reason
 	elseif session.cert_identity_status == "invalid" then
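Review bot: The added block seeds `chain_errors` from position 2 and then adds positions above 2 in the loop, with no comment saying why position 1 is excluded or why 2 is handled separately. A single loop reads more plainly: `local chain_errors = set.new();` with `if i >= 2 then chain_errors:add_list(e); end` inside the existing `pairs` loop. Above it, add a comment such as `-- index 1 is presumably the peer's own certificate (checked above); 2 and up are intermediates and the CA`. Only the exact string "certificate has expired" is recognised at chain level, so any other chain failure, or a change in the TLS library's wording, still falls through to "is not trusted". That is the safe default, and the comment should say it is intended. The enclosing function and the `if` guarding this block start outside the hunk, so whether `session.cert_chain_errors` can be nil here is not visible.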