diff mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1437:161bbe0b9dd3

mod_s2s_auth_dane: Tweak log messages
author Kim Alvefur <zash@zash.se>
date Sun, 15 Jun 2014 02:40:18 +0200
parents 3944e364ba88
children 72ef98818b90
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Fri Jun 13 02:19:52 2014 +0200
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Sun Jun 15 02:40:18 2014 +0200
@@ -174,7 +174,7 @@
 end
 
 module:hook("s2s-check-certificate", function(event)
-	local session, cert = event.session, event.cert;
+	local session, cert, host = event.session, event.cert, event.host;
 	if not cert then return end
 	local log = session.log or module._log;
 	local dane = session.dane;
@@ -182,7 +182,7 @@
 		local use, tlsa, match_found, supported_found, chain, leafcert, cacert, is_match;
 		for i = 1, #dane do
 			tlsa = dane[i].tlsa;
-			module:log("debug", "TLSA #%d %s %s %s %d bytes of data", i, tlsa:getUsage(), tlsa:getSelector(), tlsa:getMatchType(), #tlsa.data);
+			module:log("debug", "TLSA #%d: %s", i, tostring(tlsa))
 			use = tlsa.use;
 
 			if enabled_uses:contains(use) then
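Review bot: The new debug line calls `module:log` while the rest of the handler logs through the session-scoped `log` bound near the top of the hook, so the per-record TLSA output is not attributed to the session being verified; it also drops the trailing `;` the file uses elsewhere. Suggest `log("debug", "TLSA #%d: %s", i, tostring(tlsa));`. The message is now only as informative as the record's string conversion, which is not visible in this hunk; if that conversion omits usage, selector or match type, the old fields are worth keeping for troubleshooting failed DANE matches. The loop body continues outside the hunk.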
@@ -194,7 +194,7 @@
 						supported_found = true;
 					end
 					if is_match then
-						log("info", "DANE validated ok using %s", tlsa:getUsage());
+						log("info", "DANE validated ok for %s using %s", host, tlsa:getUsage());
 						session.cert_identity_status = "valid";
 						if use == 3 then -- DANE-EE, chain status equals DNSSEC chain status
 							session.cert_chain_status = "valid";
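Review bot: `host` is passed straight into a `%s` format here, immediately before `session.cert_identity_status` is set, and nothing visible guarantees that `event.host` is non-nil. If the logger formats with plain `string.format` on Lua 5.1, a nil argument raises and the handler aborts before recording the result, which fails closed but is a confusing way to lose a connection. Consider passing `tostring(host)` or `host or "(unknown)"` in the log arguments; the same applies to the identical call in the DANE-TA branch and to the Secure SRV message further down. The enclosing loop starts and ends outside this hunk.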
@@ -219,7 +219,7 @@
 							break;
 						end
 						if is_match then
-							log("info", "DANE validated ok using %s", tlsa:getUsage());
+							log("info", "DANE validated ok for %s using %s", host, tlsa:getUsage());
 							if use == 2 then -- DANE-TA
 								session.cert_identity_status = "valid";
 								session.cert_chain_status = "valid";
@@ -252,7 +252,7 @@
 				log("debug", "Comparing certificate with Secure SRV target %s", srv_target);
 				srv_target = nameprep(idna_to_unicode());
 				if srv_target and cert_verify_identity(srv_target, "xmpp-server", cert) then
-					log("info", "Certificate matches Secure SRV target %s", srv_target);
+					log("info", "Certificate for %s matches Secure SRV target %s", host, srv_target);
 					session.cert_identity_status = "valid";
 					return;
 				end
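Review bot: The context line `srv_target = nameprep(idna_to_unicode());` calls `idna_to_unicode` with no argument, so the SRV target is discarded before normalisation and `srv_target` most likely ends up nil; the `cert_verify_identity` branch whose message this commit edits would then never run. That fails closed, but it means the Secure SRV identity check silently never succeeds. It should read `srv_target = nameprep(idna_to_unicode(srv_target));`, and the debug line above it would be more useful if logged after normalisation. The surrounding block starts and ends outside this hunk.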