comparison plugins/mod_s2s_auth_certs.lua @ 13423:3c219effe707

mod_s2s_auth_certs: Handle potential string error conn:ssl_peerverification() can now return a single error in case the connection has been closed for whatever reason
author Kim Alvefur <zash@zash.se>
date Wed, 21 Feb 2024 21:29:16 +0100
parents 874600c982bd
children
comparison
equal deleted inserted replaced
13422:3c80124452ed 13423:3c219effe707
1 module:set_global(); 1 module:set_global();
2 2
3 local cert_verify_identity = require "prosody.util.x509".verify_identity; 3 local cert_verify_identity = require "prosody.util.x509".verify_identity;
4 local NULL = {};
5 local log = module._log; 4 local log = module._log;
6 5
7 local measure_cert_statuses = module:metric("counter", "checked", "", "Certificate validation results", 6 local measure_cert_statuses = module:metric("counter", "checked", "", "Certificate validation results",
8 { "chain"; "identity" }) 7 { "chain"; "identity" })
9 8
21 20
22 local chain_valid, errors = conn:ssl_peerverification(); 21 local chain_valid, errors = conn:ssl_peerverification();
23 -- Is there any interest in printing out all/the number of errors here? 22 -- Is there any interest in printing out all/the number of errors here?
24 if not chain_valid then 23 if not chain_valid then
25 log("debug", "certificate chain validation result: invalid"); 24 log("debug", "certificate chain validation result: invalid");
26 for depth, t in pairs(errors or NULL) do 25 if type(errors) == "table" then
27 log("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", ")) 26 for depth, t in pairs(errors) do
27 log("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", "));
28 end
29 else
30 log("debug", "certificate error: %s", errors);
28 end 31 end
29 session.cert_chain_status = "invalid"; 32 session.cert_chain_status = "invalid";
30 session.cert_chain_errors = errors; 33 session.cert_chain_errors = errors;
31 else 34 else
32 log("debug", "certificate chain validation result: valid"); 35 log("debug", "certificate chain validation result: valid");