equal
deleted
inserted
replaced
240 -- No TLSA matched or response was bogus |
240 -- No TLSA matched or response was bogus |
241 local why = "No TLSA matched certificate"; |
241 local why = "No TLSA matched certificate"; |
242 if dane.bogus then |
242 if dane.bogus then |
243 why = "Bogus: "..tostring(dane.bogus); |
243 why = "Bogus: "..tostring(dane.bogus); |
244 end |
244 end |
245 log("warn", "DANE validation failed: %s", why); |
245 log("warn", "DANE validation failed for %s: %s", host, why); |
246 session.cert_identity_status = "invalid"; |
246 session.cert_identity_status = "invalid"; |
247 session.cert_chain_status = "invalid"; |
247 session.cert_chain_status = "invalid"; |
248 end |
248 end |
249 else |
249 else |
250 if session.cert_chain_status == "valid" and session.cert_identity_status ~= "valid" |
250 if session.cert_chain_status == "valid" and session.cert_identity_status ~= "valid" |