Mercurial > prosody-modules
comparison mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1507:6ea13869753f
mod_s2s_auth_dane: Include hostname when logging a failure
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 16 Sep 2014 19:55:54 +0200 |
| parents | a40f9b8661d8 |
| children | aed20f9e78c8 |
comparison
equal
deleted
inserted
replaced
| 1506:a40f9b8661d8 | 1507:6ea13869753f |
|---|---|
| 240 -- No TLSA matched or response was bogus | 240 -- No TLSA matched or response was bogus |
| 241 local why = "No TLSA matched certificate"; | 241 local why = "No TLSA matched certificate"; |
| 242 if dane.bogus then | 242 if dane.bogus then |
| 243 why = "Bogus: "..tostring(dane.bogus); | 243 why = "Bogus: "..tostring(dane.bogus); |
| 244 end | 244 end |
| 245 log("warn", "DANE validation failed: %s", why); | 245 log("warn", "DANE validation failed for %s: %s", host, why); |
| 246 session.cert_identity_status = "invalid"; | 246 session.cert_identity_status = "invalid"; |
| 247 session.cert_chain_status = "invalid"; | 247 session.cert_chain_status = "invalid"; |
| 248 end | 248 end |
| 249 else | 249 else |
| 250 if session.cert_chain_status == "valid" and session.cert_identity_status ~= "valid" | 250 if session.cert_chain_status == "valid" and session.cert_identity_status ~= "valid" |