--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Fri Jun 13 02:19:52 2014 +0200
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Sun Jun 15 02:40:18 2014 +0200
@@ -174,7 +174,7 @@
end
module:hook("s2s-check-certificate", function(event)
- local session, cert = event.session, event.cert;
+ local session, cert, host = event.session, event.cert, event.host;
if not cert then return end
local log = session.log or module._log;
local dane = session.dane;
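Review bot: `host` is read from `event.host` without a nil check and is then passed as a `%s` argument in the three info-level log calls changed further down (both "DANE validated ok for %s" lines and the Secure SRV line). Under Lua 5.1 `string.format` raises on a nil `%s` argument, so if the logger formats with it and the event can fire without a host, the error would surface in the middle of certificate checking. That is inferred, because the code that fires `s2s-check-certificate` is not part of this diff. A cheap guard is `local session, cert, host = event.session, event.cert, event.host or "(unknown host)";`. The hook body continues past this hunk.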
@@ -182,7 +182,7 @@
local use, tlsa, match_found, supported_found, chain, leafcert, cacert, is_match;
for i = 1, #dane do
tlsa = dane[i].tlsa;
- module:log("debug", "TLSA #%d %s %s %s %d bytes of data", i, tlsa:getUsage(), tlsa:getSelector(), tlsa:getMatchType(), #tlsa.data);
+ module:log("debug", "TLSA #%d: %s", i, tostring(tlsa))
use = tlsa.use;
if enabled_uses:contains(use) then
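Review bot: The new debug line depends entirely on the TLSA record having a `__tostring` metamethod, which is not visible here. Without one, the log would show only a table address and lose the usage, selector and match-type fields the old line printed. The statement also drops the trailing `;` used by the surrounding statements, and it goes through `module:log` while the match verdicts below use the session-scoped `log`, so the record dump and the validation result may end up under different log sources. Suggested form: `log("debug", "TLSA #%d: %s", i, tostring(tlsa));`. The loop body continues outside the hunk.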
@@ -194,7 +194,7 @@
supported_found = true;
end
if is_match then
- log("info", "DANE validated ok using %s", tlsa:getUsage());
+ log("info", "DANE validated ok for %s using %s", host, tlsa:getUsage());
session.cert_identity_status = "valid";
if use == 3 then -- DANE-EE, chain status equals DNSSEC chain status
session.cert_chain_status = "valid";
@@ -219,7 +219,7 @@
break;
end
if is_match then
- log("info", "DANE validated ok using %s", tlsa:getUsage());
+ log("info", "DANE validated ok for %s using %s", host, tlsa:getUsage());
if use == 2 then -- DANE-TA
session.cert_identity_status = "valid";
session.cert_chain_status = "valid";
@@ -252,7 +252,7 @@
log("debug", "Comparing certificate with Secure SRV target %s", srv_target);
srv_target = nameprep(idna_to_unicode());
if srv_target and cert_verify_identity(srv_target, "xmpp-server", cert) then
- log("info", "Certificate matches Secure SRV target %s", srv_target);
+ log("info", "Certificate for %s matches Secure SRV target %s", host, srv_target);
session.cert_identity_status = "valid";
return;
end
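Review bot: The context line `srv_target = nameprep(idna_to_unicode());` calls `idna_to_unicode` with no argument, so `srv_target` appears to be overwritten with the result of converting nothing rather than the target logged on the line above. The commit edits the neighbouring log line but leaves this as is. Depending on how the helper treats a missing argument, either `srv_target` becomes nil and the new "Certificate for %s matches" line is unreachable, or the call raises. The likely intent is `srv_target = nameprep(idna_to_unicode(srv_target));`, which is worth confirming because this branch sets `cert_identity_status`. The enclosing block starts outside the hunk.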