prosody
68d540df46b8

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Changeset

13253:68d540df46b8

mod_s2s: Fix reporting of DANE mismatch Thought it was a case mismatch at first, fixed that, but it changed nothing because the error was in the leaf part of the errors, not the chain part.
author Kim Alvefur <zash@zash.se>
date Sat, 05 Aug 2023 20:41:24 +0200
parents 13252:84c7779618b6
children 13255:df96af198222
files plugins/mod_s2s.lua
diffstat 1 files changed, 3 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/plugins/mod_s2s.lua	Sat Jul 29 02:04:24 2023 +0200
+++ b/plugins/mod_s2s.lua	Sat Aug 05 20:41:24 2023 +0200
@@ -963,6 +963,8 @@
 				return "has expired";
 			elseif cert_errors:contains("self signed certificate") then
 				return "is self-signed";
+			elseif cert_errors:contains("no matching DANE TLSA records") then
+				return "does not match any DANE TLSA records";
 			end
 
 			local chain_errors = set.new(session.cert_chain_errors[2]);
@@ -971,7 +973,7 @@
 			end
 			if chain_errors:contains("certificate has expired") then
 				return "has an expired certificate chain";
-			elseif chain_errors:contains("No matching DANE TLSA records") then
+			elseif chain_errors:contains("no matching DANE TLSA records") then
 				return "does not match any DANE TLSA records";
 			end
 		end