mod_s2s: Distinguish DANE TLSA errors from generic cert chain errors
author Kim Alvefur <zash@zash.se>
Mon, 25 Apr 2022 14:41:54 +0200
changeset 12477 bb85be686a01
parent 12476 48121960983e
child 12480 d8a6e03a7161
mod_s2s: Distinguish DANE TLSA errors from generic cert chain errors Otherwise it would just report "is not trusted" unless you inspect the logs. This message is sent to the remote server, and will hopefully show up in their logs, allowing the admin to fix their DANE setup.
plugins/mod_s2s.lua
--- a/plugins/mod_s2s.lua	Mon Apr 25 14:36:56 2022 +0200
+++ b/plugins/mod_s2s.lua	Mon Apr 25 14:41:54 2022 +0200
@@ -925,6 +925,8 @@
 			end
 			if chain_errors:contains("certificate has expired") then
 				return "has an expired certificate chain";
+			elseif chain_errors:contains("No matching DANE TLSA records") then
+				return "does not match any DANE TLSA records";
 			end
 		end
 		return "is not trusted"; -- for some other reason
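Review bot: The new `elseif chain_errors:contains("No matching DANE TLSA records")` branch keys on the exact wording of an error string produced elsewhere, just as the existing `"certificate has expired"` check does, so any rewording at the point that emits it would silently drop this case back to the generic `"is not trusted"` fallback with no test failure. Consider either matching on a stable identifier shared with the code that raises the DANE error, or adding a test that feeds a chain_errors set containing that string and asserts the "does not match any DANE TLSA records" text, so the coupling is at least caught. Also note the ordering: because the expiry check comes first, a chain that is both expired and fails DANE matching reports only the expiry; if that is the intended priority, a short comment saying so would help the next reader.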