mod_s2s: Fix reporting of DANE mismatch
Thought it was a case mismatch at first, fixed that, but it changed
nothing because the error was in the leaf part of the errors, not the
chain part.
--- a/plugins/mod_s2s.lua Sat Jul 29 02:04:24 2023 +0200
+++ b/plugins/mod_s2s.lua Sat Aug 05 20:41:24 2023 +0200
@@ -963,6 +963,8 @@
return "has expired";
elseif cert_errors:contains("self signed certificate") then
return "is self-signed";
+ elseif cert_errors:contains("no matching DANE TLSA records") then
+ return "does not match any DANE TLSA records";
end
local chain_errors = set.new(session.cert_chain_errors[2]);
@@ -971,7 +973,7 @@
end
if chain_errors:contains("certificate has expired") then
return "has an expired certificate chain";
- elseif chain_errors:contains("No matching DANE TLSA records") then
+ elseif chain_errors:contains("no matching DANE TLSA records") then
return "does not match any DANE TLSA records";
end
end