From 449813a79ee6aeb2f0a3c239b3e9c09df0634f0d Mon Sep 17 00:00:00 2001
From: Paul Aurich <paul@darkrain42.org>
Date: Sat, 28 Apr 2012 08:35:34 -0700
Subject: mod_s2s: Log certificate errors, for troubleshooting goodness

---
 plugins/s2s/mod_s2s.lua | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'plugins/s2s')

diff --git a/plugins/s2s/mod_s2s.lua b/plugins/s2s/mod_s2s.lua
index f44ab43d..cee7d6f6 100644
--- a/plugins/s2s/mod_s2s.lua
+++ b/plugins/s2s/mod_s2s.lua
@@ -134,6 +134,9 @@ local function check_cert_status(session)
 		-- Is there any interest in printing out all/the number of errors here?
 		if not chain_valid then
 			(session.log or log)("debug", "certificate chain validation result: invalid");
+			for depth, t in ipairs(errors) do
+				(session.log or log)("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", "))
+			end
 			session.cert_chain_status = "invalid";
 		else
 			(session.log or log)("debug", "certificate chain validation result: valid");
-- 
cgit v1.2.3