6 files changed, 8 insertions, 5 deletions

diff --git a/core/moduleapi.lua b/core/moduleapi.lua
index 31d1b1bd..fa5086cf 100644
--- a/core/moduleapi.lua
+++ b/core/moduleapi.lua
@@ -653,6 +653,7 @@ end
 function api:metric(type_, name, unit, description, label_keys, conf)
 	local metric = require "prosody.core.statsmanager".metric;
 	local is_scoped = self.host ~= "*"
+	label_keys = label_keys or {};
 	if is_scoped then
 		-- prepend `host` label to label keys if this is not a global module
 		local orig_labels = label_keys
diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua
index d085ce43..e6b44f00 100644
--- a/plugins/mod_admin_shell.lua
+++ b/plugins/mod_admin_shell.lua
@@ -978,7 +978,7 @@ available_columns = {
 				return capitalize(cert_status);
 			end
 			-- no certificate status,
-			if session.cert_chain_errors then
+			if type(session.cert_chain_errors) == "table" then
 				local cert_errors = set.new(session.cert_chain_errors[1]);
 				if cert_errors:contains("certificate has expired") then
 					return "Expired";
@@ -989,6 +989,7 @@ available_columns = {
 				-- TODO borrow more logic from mod_s2s/friendly_cert_error()
 				return "Untrusted";
 			end
+			-- TODO cert_chain_errors can be a string, handle that
 			return "Unknown";
 		end;
 	};
diff --git a/plugins/mod_csi.lua b/plugins/mod_csi.lua
index 7a1857c0..73c081b1 100644
--- a/plugins/mod_csi.lua
+++ b/plugins/mod_csi.lua
@@ -3,7 +3,7 @@ local xmlns_csi = "urn:xmpp:csi:0";
 local csi_feature = st.stanza("csi", { xmlns = xmlns_csi });
 
 local change = module:metric("counter", "changes", "events", "CSI state changes", {"csi_state"});
-local count = module:metric("gauge", "state", "sessions", "", { "state" });
+local count = module:metric("gauge", "state", "sessions", "", { "csi_state" });
 
 module:hook("stream-features", function (event)
 	if event.origin.username then
diff --git a/plugins/mod_invites.lua b/plugins/mod_invites.lua
index 559170cc..5ee9430a 100644
--- a/plugins/mod_invites.lua
+++ b/plugins/mod_invites.lua
@@ -193,7 +193,7 @@ function get(token, username)
 		type = token_info and token_info.type or "roster";
 		uri = token_info and token_info.uri or get_uri("roster", username.."@"..module.host, token);
 		additional_data = token_info and token_info.additional_data or nil;
-		reusable = token_info.reusable;
+		reusable = token_info and token_info.reusable or false;
 	}, valid_invite_mt);
 end
 
diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua
index 660b5828..04fd5bc3 100644
--- a/plugins/mod_s2s.lua
+++ b/plugins/mod_s2s.lua
@@ -986,7 +986,7 @@ end
 -- Complete the sentence "Your certificate " with what's wrong
 local function friendly_cert_error(session) --> string
 	if session.cert_chain_status == "invalid" then
-		if session.cert_chain_errors then
+		if type(session.cert_chain_errors) == "table" then
 			local cert_errors = set.new(session.cert_chain_errors[1]);
 			if cert_errors:contains("certificate has expired") then
 				return "has expired";
@@ -1006,6 +1006,7 @@ local function friendly_cert_error(session) --> string
 				return "does not match any DANE TLSA records";
 			end
 		end
+		-- TODO cert_chain_errors can be a string, handle that
 		return "is not trusted"; -- for some other reason
 	elseif session.cert_identity_status == "invalid" then
 		return "is not valid for this name";
diff --git a/util/prosodyctl/cert.lua b/util/prosodyctl/cert.lua
index aea61c20..70c09443 100644
--- a/util/prosodyctl/cert.lua
+++ b/util/prosodyctl/cert.lua
@@ -163,7 +163,7 @@ local function copy(from, to, umask, owner, group)
 	local attrs = lfs.attributes(to);
 	if attrs then -- Move old file out of the way
 		local backup = to..".bkp~"..os.date("%FT%T", attrs.change);
-		os.rename(to, backup);
+		assert(os.rename(to, backup));
 	end
 	-- FIXME friendlier error handling, maybe move above backup back?
 	local input = assert(io.open(from));