Changeset

12473:bb85be686a01

mod_s2s: Distinguish DANE TLSA errors from generic cert chain errors Otherwise it would just report "is not trusted" unless you inspect the logs. This message is sent to the remote server, and will hopefully show up in their logs, allowing the admin to fix their DANE setup.
author Kim Alvefur <zash@zash.se>
date Mon, 25 Apr 2022 14:41:54 +0200
parents 12472:48121960983e
children 12476:d8a6e03a7161
files plugins/mod_s2s.lua
diffstat 1 files changed, 2 insertions(+), 0 deletions(-)
line diff
--- a/plugins/mod_s2s.lua	Mon Apr 25 14:36:56 2022 +0200
+++ b/plugins/mod_s2s.lua	Mon Apr 25 14:41:54 2022 +0200
@@ -925,6 +925,8 @@
 			end
 			if chain_errors:contains("certificate has expired") then
 				return "has an expired certificate chain";
+			elseif chain_errors:contains("No matching DANE TLSA records") then
+				return "does not match any DANE TLSA records";
 			end
 		end
 		return "is not trusted"; -- for some other reason
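Review bot: The new `elseif` branch keys on the exact free-text error string "No matching DANE TLSA records" appearing in `chain_errors`, but nothing in this hunk shows where that string is produced, so if the producer's wording ever changes the condition silently falls through to the generic `return "is not trusted"` below and the diagnostic the commit message wants to send to the remote server disappears; consider referencing a shared constant for that message (or at least a comment pointing at its source) so the two sides cannot drift apart. Also note the branch ordering: because it is an `elseif` after `if chain_errors:contains("certificate has expired")`, a chain that is both expired and DANE-mismatched will be reported only as "has an expired certificate chain"; if the DANE mismatch is the more actionable finding for the remote admin, it may deserve to be checked first.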