authorKim Alvefur <zash@zash.se>2023-08-05 20:41:24 +0200
committerKim Alvefur <zash@zash.se>2023-08-05 20:41:24 +0200
commitb5d791c8bffcaa3e200876cb159ff92de2ba1c05 (patch)
treed3a05d7f4d5c8dc272b407febc233985c23920be
parentf8a2c4d7abfb5e0817a495e17b0d61f46e7adfa8 (diff)
mod_s2s: Fix reporting of DANE mismatch
Thought it was a case mismatch at first, fixed that, but it changed nothing because the error was in the leaf part of the errors, not the chain part.
-rw-r--r--plugins/mod_s2s.lua4
1 files changed, 3 insertions, 1 deletions
diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua
index 73dd6812..33659b59 100644
--- a/plugins/mod_s2s.lua
+++ b/plugins/mod_s2s.lua
@@ -963,6 +963,8 @@ local function friendly_cert_error(session) --> string
return "has expired";
elseif cert_errors:contains("self signed certificate") then
return "is self-signed";
+ elseif cert_errors:contains("no matching DANE TLSA records") then
+ return "does not match any DANE TLSA records";
end
local chain_errors = set.new(session.cert_chain_errors[2]);
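Review bot: The new leaf branch `elseif cert_errors:contains("no matching DANE TLSA records") then` carries no comment saying why a DANE mismatch is looked up among the leaf errors, so the reasoning lives only in the commit message. A one-line comment above it would keep the next reader from removing it as a duplicate of the chain branch, for example `-- a DANE TLSA mismatch is reported with the leaf errors, so check here as well as in the chain errors below`. The same message text is now returned from two branches (here and in the second hunk), and a shared local for the `"does not match any DANE TLSA records"` string would keep them from drifting. The body of friendly_cert_error starts and ends outside this hunk, so how `cert_errors` is built is not visible here.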
@@ -971,7 +973,7 @@ local function friendly_cert_error(session) --> string
end
if chain_errors:contains("certificate has expired") then
return "has an expired certificate chain";
- elseif chain_errors:contains("No matching DANE TLSA records") then
+ elseif chain_errors:contains("no matching DANE TLSA records") then
return "does not match any DANE TLSA records";
end
end
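Review bot: The chain check replaces the capitalised literal instead of accepting both spellings, and the set lookup appears to be an exact, case-sensitive match on text that presumably comes from the TLS library. If any supported library version still emits `No matching DANE TLSA records`, a chain-level DANE failure would again fall through to whatever generic message follows outside this hunk, which makes the failed s2s authentication harder to diagnose from logs. Accepting both forms is cheap: `elseif chain_errors:contains("no matching DANE TLSA records") or chain_errors:contains("No matching DANE TLSA records") then`, and the leaf branch added in the first hunk would want the same treatment. A short comment naming the source of these strings would also help when the library wording changes again.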