mod_s2s: Add COMPAT cahin verification code for older LuaSec versions

diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index 639f464bcf52ed1ea3302c90feb4acde33e189ce..1547345de59d76847a692c89bb172a965c4fb692 100644 (file)
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -15,6 +15,7 @@ local core_process_stanza = prosody.core_process_stanza;
 local tostring, type = tostring, type;
 local t_insert = table.insert;
 local xpcall, traceback = xpcall, debug.traceback;
+local NULL = {};
 
 local add_task = require "util.timer".add_task;
 local st = require "util.stanza";
@@ -226,11 +227,19 @@ local function check_cert_status(session)
        end
 
        if cert then
-               local chain_valid, errors = conn:getpeerverification()
+               local chain_valid, errors;
+               if conn.getpeerverification then
+                       chain_valid, errors = conn:getpeerverification();
+               elseif conn.getpeerchainvalid then -- COMPAT mw/luasec-hg
+                       chain_valid, errors = conn:getpeerchainvalid();
+                       errors = (not chain_valid) and { { errors } } or nil;
+               else
+                       chain_valid, errors = false, { { "Chain verification not supported by this version of LuaSec" } };
+               end
                -- Is there any interest in printing out all/the number of errors here?
                if not chain_valid then
                        (session.log or log)("debug", "certificate chain validation result: invalid");
-                       for depth, t in ipairs(errors) do
+                       for depth, t in ipairs(errors or NULL) do
                                (session.log or log)("debug", "certificate error(s) at depth %d: %s", depth-1, table.concat(t, ", "))
                        end
                        session.cert_chain_status = "invalid";