# HG changeset patch
# User Thibaut Girka
# Date 1547816765 -3600
# Node ID 5f2eeebcf8996075193007a7cae5d6030503915f
# Parent a5a50cd3438616e53e8ae5dfb99cfa1d1f556c79
mod_client_certs: do not crash on plain sockets

In some situations (e.g., reverse-proxied websocket), non-TLS sockets can be marked as secure, causing mod_client_certs to call the undefined method getpeercertificate and crash.

diff -r a5a50cd34386 -r 5f2eeebcf899 mod_client_certs/mod_client_certs.lua
--- a/mod_client_certs/mod_client_certs.lua Fri Jan 18 02:16:03 2019 +0100
+++ b/mod_client_certs/mod_client_certs.lua Fri Jan 18 14:06:05 2019 +0100
@@ -94,7 +94,7 @@
 local disabled_cert_pem = info.pem;
 for _, session in pairs(sessions) do
- if session and session.conn then
+ if session and session.conn and session.conn:socket().getpeercertificate then
 local cert = session.conn:socket():getpeercertificate();
 if cert and cert:pem() == disabled_cert_pem then
@@ -336,7 +336,12 @@
 module:hook("stream-features", function(event)
 local session, features = event.origin, event.features;
 if session.secure and session.type == "c2s_unauthed" then
- local cert = session.conn:socket():getpeercertificate();
+ local socket = session.conn:socket();
+ if not socket.getpeercertificate then
+ module:log("debug", "Not a TLS socket");
+ return
+ end
+ local cert = socket:getpeercertificate();
 if not cert then
 module:log("error", "No Client Certificate");
 return
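Review bot: The new guard in the session loop indexes the result of `session.conn:socket()` directly, so if that call can ever return nil (not visible from this hunk) the loop would still raise, just with a different error, and the socket is fetched twice. Binding it once keeps the check and the use on the same object: keep `if session and session.conn then`, add `local socket = session.conn:socket();` and read the certificate with `local cert = socket and socket.getpeercertificate and socket:getpeercertificate();`. The stream-features hunk has the same unguarded `socket.getpeercertificate` lookup and could use `if not (socket and socket.getpeercertificate) then`. The enclosing function starts and ends outside the hunk.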
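Review bot: The early return added to the stream-features hook has no comment recording why a session with `session.secure` set can lack a TLS socket, which is the trust assumption this fix depends on. A comment above the check such as `-- session.secure may be set for proxied connections (e.g. websocket behind a reverse proxy) whose local socket is plain TCP, so no peer certificate can be read here` would keep a later maintainer from treating `secure` as proof that a client certificate is available. Because the skip is logged only at `debug`, an operator who expects certificate login behind a proxy gets no visible hint why it is not offered; consider whether `info` fits better. The hook's body continues outside the hunk.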