From cc49e02caeb7f658f01ddea2822b1fa1a2d0d7f6 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Tue, 5 Oct 2021 16:30:41 +0200
Subject: mod_s2s_auth_certs: Collect stats on validation results (for #975)

---
 plugins/mod_s2s_auth_certs.lua | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'plugins')

diff --git a/plugins/mod_s2s_auth_certs.lua b/plugins/mod_s2s_auth_certs.lua
index 37519aa1..992ee934 100644
--- a/plugins/mod_s2s_auth_certs.lua
+++ b/plugins/mod_s2s_auth_certs.lua
@@ -4,6 +4,9 @@ local cert_verify_identity = require "util.x509".verify_identity;
 local NULL = {};
 local log = module._log;
 
+local measure_cert_statuses = module:metric("counter", "checked", "", "Certificate validation results",
+	{ "chain"; "identity" })
+
 module:hook("s2s-check-certificate", function(event)
 	local session, host, cert = event.session, event.host, event.cert;
 	local conn = session.conn:socket();
@@ -43,5 +46,6 @@ module:hook("s2s-check-certificate", function(event)
 			log("debug", "certificate identity validation result: %s", session.cert_identity_status);
 		end
 	end
+	measure_cert_statuses:with_labels(session.cert_chain_status or "unknown", session.cert_identity_status or "unknown"):add(1);
 end, 509);
 
-- 
cgit v1.2.3