Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_s2s: Recognise and report errors with CA or intermediate certs
authorKim Alvefur <zash@zash.se>
Mon, 25 Apr 2022 14:36:56 +0200
changeset 12476 48121960983e
parent 12475 a3b12eeedd4b
child 12477 bb85be686a01
mod_s2s: Recognise and report errors with CA or intermediate certs Should be invoked for cases such as when the Let's Encrypt intermediate certificate expired not too long ago.
plugins/mod_s2s.lua file | annotate | diff | comparison | revisions 
--- a/plugins/mod_s2s.lua	Sun Apr 24 16:17:32 2022 +0200
+++ b/plugins/mod_s2s.lua	Mon Apr 25 14:36:56 2022 +0200
@@ -918,6 +918,14 @@
 			elseif cert_errors:contains("self signed certificate") then
 				return "is self-signed";
 			end
+
+			local chain_errors = set.new(session.cert_chain_errors[2]);
+			for i, e in pairs(session.cert_chain_errors) do
+				if i > 2 then chain_errors:add_list(e); end
+			end
+			if chain_errors:contains("certificate has expired") then
+				return "has an expired certificate chain";
+			end
 		end
 		return "is not trusted"; -- for some other reason
 	elseif session.cert_identity_status == "invalid" then
prosody