authorKim Alvefur <zash@zash.se>2023-04-30 23:45:55 +0200
committerKim Alvefur <zash@zash.se>2023-04-30 23:45:55 +0200
commit8a854d169b6f7e3f7af0db57da1010ff91c2ab69 (patch)
tree93c9d353e47c37c56a10c627652e6601b8f37998
parent693ac009db93fd14d15e465f5e11a77485037b09 (diff)
mod_admin_shell: Refactor 'cert' column
Removes some dead code and hopefully simplifies a bit. There's a tree of possibilities with the two tri-state status properties, something like chain: * nil -- cert validation disabled? * invalid -- something wrong with the chain (including ee cert) * valid -- chain ok cert: * nil -- incomplete validation?? * invalid -- mismatched names or such * valid -- all good!
-rw-r--r--plugins/mod_admin_shell.lua16
1 files changed, 12 insertions, 4 deletions
diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua
index 91104cd6..a3c12c37 100644
--- a/plugins/mod_admin_shell.lua
+++ b/plugins/mod_admin_shell.lua
@@ -902,17 +902,25 @@ available_columns = {
key = "cert_identity_status";
width = math.max(#"Expired", #"Self-signed", #"Untrusted", #"Mismatched", #"Unknown");
mapper = function(cert_status, session)
- if cert_status then return capitalize(cert_status); end
- if session.cert_chain_status == "invalid" then
+ if cert_status == "invalid" then
+ -- non-nil cert_identity_status implies valid chain, which covers just
+ -- about every error condition except mismatched certificate names
+ return "Mismatched";
+ elseif cert_status then
+ -- basically only "valid"
+ return capitalize(cert_status);
+ end
+ -- no certificate status,
+ if session.cert_chain_errors then
local cert_errors = set.new(session.cert_chain_errors[1]);
if cert_errors:contains("certificate has expired") then
return "Expired";
elseif cert_errors:contains("self signed certificate") then
return "Self-signed";
end
+ -- Some other cert issue, or something up the chain
+ -- TODO borrow more logic from mod_s2s/friendly_cert_error()
return "Untrusted";
- elseif session.cert_identity_status == "invalid" then
- return "Mismatched";
end
return "Unknown";
end;
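Review bot: A session whose `cert_chain_status` is "invalid" but which carries no `cert_chain_errors` table now falls through to "Unknown", where the old branch on `session.cert_chain_status == "invalid"` reported at least "Untrusted"; an operator reading this column would then see a failed chain as merely unclassified. Whether any code path sets the status without recording errors is not visible in this hunk, so if that invariant is intended it deserves a comment next to the check, otherwise the condition could be `if session.cert_chain_errors or session.cert_chain_status == "invalid" then` with `set.new(session.cert_chain_errors and session.cert_chain_errors[1])` below it (assuming `set.new` accepts nil). The comment `-- no certificate status,` also ends in a dangling comma and could read `-- no identity status: chain validation failed or was not performed`. The column definition that holds this mapper begins above the hunk.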