From 1d47e2fab1437d6a92e3e3084338425633520f2e Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Tue, 1 Apr 2025 20:49:58 +0200
Subject: mod_tls: Collect full certificate chain validation information

Enabling at least one of the ssl.verifyext modes enables a callback that collects all the errors, which are used by mod_s2s to report better problem descriptions.
---
 plugins/mod_tls.lua | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index ac215b81..a3af2f84 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -63,7 +63,8 @@ function module.load(reload)
 module:log("debug", "Creating context for s2sout");
 -- for outgoing server connections
- ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s, xmpp_alpn);
+ ssl_ctx_s2sout, err_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s, xmpp_alpn,
+ custom_cert_verification);
 if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", err_s2sout); end
 module:log("debug", "Creating context for s2sin");
-- cgit v1.2.3
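Review bot: The new `custom_cert_verification` argument to `create_context(...)` for `ssl_ctx_s2sout` is defined outside this hunk and nothing at the call site says what it changes, so the line above it should carry a comment such as `-- custom_cert_verification enables an ssl.verifyext mode so all chain validation errors are collected for mod_s2s`. If the table includes a continue-on-error mode (LuaSec's `lsec_continue` behaves this way), the handshake no longer aborts on a bad chain and the authentication decision for outgoing s2s rests entirely on the later check of the collected result. It is worth confirming that every consumer of this context checks that result before treating the peer as authenticated. `module.load` starts and continues outside the hunk, so it is not visible here whether the s2sin context gets the same option or how `create_context` orders precedence between this table and the host and global `ssl` settings.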