From 8362c4824ed6469ca89c187a1df654d10777d270 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Mon, 26 Aug 2024 19:21:03 +0200
Subject: mod_s2s: Fix traceback due to type confusion (Thanks Menel)

The code assumed a 2-d sparse array but it could also be a string.
---
 plugins/mod_s2s.lua | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'plugins')

diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua
index 660b5828..04fd5bc3 100644
--- a/plugins/mod_s2s.lua
+++ b/plugins/mod_s2s.lua
@@ -986,7 +986,7 @@ end
 -- Complete the sentence "Your certificate " with what's wrong
 local function friendly_cert_error(session) --> string
 	if session.cert_chain_status == "invalid" then
-		if session.cert_chain_errors then
+		if type(session.cert_chain_errors) == "table" then
 			local cert_errors = set.new(session.cert_chain_errors[1]);
 			if cert_errors:contains("certificate has expired") then
 				return "has expired";
@@ -1006,6 +1006,7 @@ local function friendly_cert_error(session) --> string
 				return "does not match any DANE TLSA records";
 			end
 		end
+		-- TODO cert_chain_errors can be a string, handle that
 		return "is not trusted"; -- for some other reason
 	elseif session.cert_identity_status == "invalid" then
 		return "is not valid for this name";
-- 
cgit v1.2.3