diff options
author | Kim Alvefur <zash@zash.se> | 2023-04-30 23:45:55 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2023-04-30 23:45:55 +0200 |
commit | 8a854d169b6f7e3f7af0db57da1010ff91c2ab69 (patch) | |
tree | 93c9d353e47c37c56a10c627652e6601b8f37998 | |
parent | 693ac009db93fd14d15e465f5e11a77485037b09 (diff) | |
download | prosody-8a854d169b6f7e3f7af0db57da1010ff91c2ab69.tar.gz prosody-8a854d169b6f7e3f7af0db57da1010ff91c2ab69.zip |
mod_admin_shell: Refactor 'cert' column
Removes some dead code and hopefully simplifies a bit.
There's a tree of possibilities with the two tri-state status
properties, something like
chain:
* nil -- cert validation disabled?
* invalid -- something wrong with the chain (including ee cert)
* valid -- chain ok
cert:
* nil -- incomplete validation??
* invalid -- mismatched names or such
* valid -- all good!
-rw-r--r-- | plugins/mod_admin_shell.lua | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua index 91104cd6..a3c12c37 100644 --- a/plugins/mod_admin_shell.lua +++ b/plugins/mod_admin_shell.lua @@ -902,17 +902,25 @@ available_columns = { key = "cert_identity_status"; width = math.max(#"Expired", #"Self-signed", #"Untrusted", #"Mismatched", #"Unknown"); mapper = function(cert_status, session) - if cert_status then return capitalize(cert_status); end - if session.cert_chain_status == "invalid" then + if cert_status == "invalid" then + -- non-nil cert_identity_status implies valid chain, which covers just + -- about every error condition except mismatched certificate names + return "Mismatched"; + elseif cert_status then + -- basically only "valid" + return capitalize(cert_status); + end + -- no certificate status, + if session.cert_chain_errors then local cert_errors = set.new(session.cert_chain_errors[1]); if cert_errors:contains("certificate has expired") then return "Expired"; elseif cert_errors:contains("self signed certificate") then return "Self-signed"; end + -- Some other cert issue, or something up the chain + -- TODO borrow more logic from mod_s2s/friendly_cert_error() return "Untrusted"; - elseif session.cert_identity_status == "invalid" then - return "Mismatched"; end return "Unknown"; end; |