mod_tls: Collect full certificate chain validation information

Enabling at least one of the ssl.verifyext modes enables a callback that collects all the errors, which are used by mod_s2s to report better problem descriptions.
author: Kim Alvefur <zash@zash.se> 2025-04-01 20:49:58 +0200
committer: Kim Alvefur <zash@zash.se> 2025-04-01 20:49:58 +0200
commit: 1d47e2fab1437d6a92e3e3084338425633520f2e (patch)
tree: e7ef46a6b2116dae0f31e24061bbe417d6645301 /plugins
parent: 5dbd3b15e42f92d211569f21a10fbfa946ef5512 (diff)
download: prosody-1d47e2fab1437d6a92e3e3084338425633520f2e.tar.gz
prosody-1d47e2fab1437d6a92e3e3084338425633520f2e.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index ac215b81..a3af2f84 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -63,7 +63,8 @@ function module.load(reload)
 
 	module:log("debug", "Creating context for s2sout");
 	-- for outgoing server connections
-	ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s, xmpp_alpn);
+	ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s, xmpp_alpn,
+		custom_cert_verification);
 	if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", err_s2sout); end
 
 	module:log("debug", "Creating context for s2sin");
author	Kim Alvefur <zash@zash.se>	2025-04-01 20:49:58 +0200
committer	Kim Alvefur <zash@zash.se>	2025-04-01 20:49:58 +0200
commit	1d47e2fab1437d6a92e3e3084338425633520f2e (patch)
tree	e7ef46a6b2116dae0f31e24061bbe417d6645301 /plugins
parent	5dbd3b15e42f92d211569f21a10fbfa946ef5512 (diff)
download	prosody-1d47e2fab1437d6a92e3e3084338425633520f2e.tar.gz prosody-1d47e2fab1437d6a92e3e3084338425633520f2e.zip