Comparison

prosodyctl @ 6845:bb7854355df1

prosodyctl check: Warn if certificate checking is enforced but LuaSec is too old
author Kim Alvefur <zash@zash.se>
date Thu, 24 Sep 2015 20:02:57 +0200
parent 6844:8946052e12d2
child 6914:5df76208e050
comparison
equal deleted inserted replaced
6844:8946052e12d2 6845:bb7854355df1
922 if not set.intersection(all_options, set.new({"require_encryption", "c2s_require_encryption", "s2s_require_encryption"})):empty() then 922 if not set.intersection(all_options, set.new({"require_encryption", "c2s_require_encryption", "s2s_require_encryption"})):empty() then
923 print(""); 923 print("");
924 print(" You require encryption but LuaSec is not available."); 924 print(" You require encryption but LuaSec is not available.");
925 print(" Connections will fail."); 925 print(" Connections will fail.");
926 ok = false; 926 ok = false;
927 end
928 elseif not ssl.loadcertificate then
929 if all_options:contains("s2s_secure_auth") then
930 print("");
931 print(" You have set s2s_secure_auth but your version of LuaSec does ");
932 print(" not support certificate validation, so all s2s connections will");
933 print(" fail.");
934 ok = false;
935 elseif all_options:contains("s2s_secure_domains") then
936 local secure_domains = set.new();
937 for host in enabled_hosts() do
938 if config[host].s2s_secure_auth == true then
939 secure_domains:add("*");
940 else
941 secure_domains:include(set.new(config[host].s2s_secure_domains));
942 end
943 end
944 if not secure_domains:empty() then
945 print("");
946 print(" You have set s2s_secure_domains but your version of LuaSec does ");
947 print(" not support certificate validation, so s2s connections to/from ");
948 print(" these domains will fail.");
949 ok = false;
950 end
927 end 951 end
928 end 952 end
929 953
930 print("Done.\n"); 954 print("Done.\n");
931 end 955 end