util/prosodyctl/check.lua @ 11615:8e16fd976c57
util.prosodyctl.check: Add support for checking Direct TLS SRV records
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 20 Jun 2021 17:11:19 +0200 |
parent | 11613:c8a9f77d48fd |
child | 11616:cd4006709493 |
--- a/util/prosodyctl/check.lua Sun Jun 20 16:51:08 2021 +0200
+++ b/util/prosodyctl/check.lua Sun Jun 20 17:11:19 2021 +0200
@@ -233,14 +233,18 @@
 local ip = require "util.ip";
 local c2s_ports = set.new(configmanager.get("*", "c2s_ports") or {5222});
 local s2s_ports = set.new(configmanager.get("*", "s2s_ports") or {5269});
+ local c2s_tls_ports = set.new(configmanager.get("*", "direct_tls_ports") or {});
- local c2s_srv_required, s2s_srv_required;
+ local c2s_srv_required, s2s_srv_required, c2s_tls_srv_required;
 if not c2s_ports:contains(5222) then
 c2s_srv_required = true;
 end
 if not s2s_ports:contains(5269) then
 s2s_srv_required = true;
 end
+ if not c2s_tls_ports:empty() then
+ c2s_tls_srv_required = true;
+ end
 local problem_hosts = set.new();
@@ -321,6 +325,24 @@
 end
 end
 end
+ if modules:contains("c2s") and c2s_tls_srv_required then
+ local res = dns.lookup("_xmpps-client._tcp."..idna.to_ascii(host)..".", "SRV");
+ if res and #res > 0 then
+ for _, record in ipairs(res) do
+ if record.srv.target == "." then -- TODO is this an error if mod_c2s is enabled?
+ print(" 'xmpps-client' service disabled by pointing to '.'"); -- FIXME Explain better what this is
+ break;
+ end
+ target_hosts:add(record.srv.target);
+ if not c2s_tls_ports:contains(record.srv.port) then
+ print(" SRV target "..record.srv.target.." contains unknown Direct TLS client port: "..record.srv.port);
+ end
+ end
+ else
+ print(" No _xmpps-client SRV record found for "..host..", but it looks like you need one.");
+ all_targets_ok = false;
+ end
+ end
 if modules:contains("s2s") then
 local res = dns.lookup("_xmpp-server._tcp."..idna.to_ascii(host)..".", "SRV");
 if res and #res > 0 then
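Review bot: The option key `"direct_tls_ports"` on the added `c2s_tls_ports` line (first hunk, `@@ -233,14 +233,18 @@`) is a bare string literal with an empty-set fallback, so a key that does not match the option the Direct TLS listener actually reads leaves `c2s_tls_srv_required` nil and the whole `_xmpps-client` check is skipped without any message. Please confirm the key against the listener definition, which is not visible in this diff. A short comment on that line would help the next reader, for example `-- Direct TLS (XEP-0368) client ports; empty set means the feature is not configured, so no SRV check runs`. Like the neighbouring lines it reads only the global `"*"` section, and the enclosing block starts and ends outside the hunk.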
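Review bot: In the added `_xmpps-client` loop (second hunk, `@@ -321,6 +325,24 @@`), an SRV record whose port is not in `c2s_tls_ports` only prints the "unknown Direct TLS client port" line, whereas the missing-record branch also sets `all_targets_ok = false`. A published Direct TLS port that Prosody is not configured to listen on directs clients to open TLS to whatever else is bound there, so it looks like it should count as a failed check too: add `all_targets_ok = false;` right after that `print`. How `all_targets_ok` is reported lies outside the hunk, so confirm this matches the intended severity. Note also that `c2s_tls_ports:contains(record.srv.port)` presumably relies on the configured ports being numbers rather than strings, which may deserve a one-line comment.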