util/prosodyctl/check.lua @ 13325:f32faaea3461
util.prosodyctl.check: Update conditions for s2s cert checks
The 'anonymous_login' setting is deprecated and prosodyctl check config
will tell you to change it to 'authentication = "internal_hashed"', so
we shouldn't need to care about it here anymore.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 13 Nov 2023 09:44:40 +0100 |
parent | 13324:6f371066d6e0 |
child | 13326:76b6556c0f67 |
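--- a/util/prosodyctl/check.lua
+++ b/util/prosodyctl/check.lua
@@ -1175,13 +1175,13 @@
 end
 if modules:contains("c2s") and not x509_verify_identity(host, "_xmpp-client", cert) then
 print(" Not valid for client connections to "..host..".")
 cert_ok = false
 end
-if modules:contains("s2s") and (not (api(host):get_option_boolean("anonymous_login", false)
-or api(host):get_option_string("authentication", "internal_hashed") == "anonymous"))
-and not x509_verify_identity(host, "_xmpp-server", cert) then
+local anon = api(host):get_option_string("authentication", "internal_hashed") == "anonymous";
+local anon_s2s = api(host):get_option_boolean("allow_anonymous_s2s", false);
+if modules:contains("s2s") and (anon_s2s or not anon) and not x509_verify_identity(host, "_xmpp-server", cert) then
 print(" Not valid for server-to-server connections to "..host..".")
 cert_ok = false
 end
 if use_dane then
 if cert.pubkey then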
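Review bot: The new condition `(anon_s2s or not anon)` on the s2s check at line 1182 has no comment, and the commit message only covers dropping `anonymous_login`, not the added `allow_anonymous_s2s` lookup. A reader cannot tell from the hunk that the `_xmpp-server` identity check is deliberately skipped only for hosts with `authentication = "anonymous"` that do not permit s2s; I would add above the two locals `-- Anonymous hosts only need a cert valid for s2s when allow_anonymous_s2s is enabled`. The `"internal_hashed"` and `false` defaults passed here presumably mirror the server's own defaults; if they ever drift, this check would skip or run certificate verification for the wrong hosts, so they are worth confirming against the modules that read these options. The enclosing block begins and ends outside the hunk.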