7 local measure_cert_statuses = module:metric("counter", "checked", "", "Certificate validation results", |
7 local measure_cert_statuses = module:metric("counter", "checked", "", "Certificate validation results", |
8 { "chain"; "identity" }) |
8 { "chain"; "identity" }) |
9 |
9 |
10 module:hook("s2s-check-certificate", function(event) |
10 module:hook("s2s-check-certificate", function(event) |
11 local session, host, cert = event.session, event.host, event.cert; |
11 local session, host, cert = event.session, event.host, event.cert; |
12 local conn = session.conn:socket(); |
12 local conn = session.conn; |
13 local log = session.log or log; |
13 local log = session.log or log; |
14 |
14 |
15 if not cert then |
15 if not cert then |
16 log("warn", "No certificate provided by %s", host or "unknown host"); |
16 log("warn", "No certificate provided by %s", host or "unknown host"); |
17 return; |
17 return; |
18 end |
18 end |
19 |
19 |
20 local chain_valid, errors; |
20 local chain_valid, errors; |
21 if conn.getpeerverification then |
21 if conn.ssl_peerverification then |
22 chain_valid, errors = conn:getpeerverification(); |
22 chain_valid, errors = conn:ssl_peerverification(); |
23 else |
23 else |
24 chain_valid, errors = false, { { "Chain verification not supported by this version of LuaSec" } }; |
24 chain_valid, errors = false, { { "Chain verification not supported by this version of LuaSec" } }; |
25 end |
25 end |
26 -- Is there any interest in printing out all/the number of errors here? |
26 -- Is there any interest in printing out all/the number of errors here? |
27 if not chain_valid then |
27 if not chain_valid then |