# HG changeset patch
# User Kim Alvefur
# Date 1443117777 -7200
# Node ID bb7854355df11f5e94eb3c17e926f873964bf8a3
# Parent 8946052e12d2d7ed519f24174dd8320f0a1e4f42
prosodyctl check: Warn if certificate checking is enforced but LuaSec is too old
diff -r 8946052e12d2 -r bb7854355df1 prosodyctl
--- a/prosodyctl Thu Sep 24 20:02:00 2015 +0200
+++ b/prosodyctl Thu Sep 24 20:02:57 2015 +0200
@@ -925,6 +925,30 @@
 print(" Connections will fail.");
 ok = false;
 end
+ elseif not ssl.loadcertificate then
+ if all_options:contains("s2s_secure_auth") then
+ print("");
+ print(" You have set s2s_secure_auth but your version of LuaSec does ");
+ print(" not support certificate validation, so all s2s connections will");
+ print(" fail.");
+ ok = false;
+ elseif all_options:contains("s2s_secure_domains") then
+ local secure_domains = set.new();
+ for host in enabled_hosts() do
+ if config[host].s2s_secure_auth == true then
+ secure_domains:add("*");
+ else
+ secure_domains:include(set.new(config[host].s2s_secure_domains));
+ end
+ end
+ if not secure_domains:empty() then
+ print("");
+ print(" You have set s2s_secure_domains but your version of LuaSec does ");
+ print(" not support certificate validation, so s2s connections to/from ");
+ print(" these domains will fail.");
+ ok = false;
+ end
+ end
 end
 print("Done.\n");
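Review bot: The outer tests `all_options:contains("s2s_secure_auth")` and `all_options:contains("s2s_secure_domains")` check whether the option name appears in the config, not what it is set to. Assuming all_options is the set of option names in use, a config with `s2s_secure_auth = false` and a non-empty `s2s_secure_domains` is told that all s2s connections will fail and never reaches the per-domain warning. The same presence test appears to make the `config[host].s2s_secure_auth == true` arm in the second branch unreachable. Building `secure_domains` with the existing per-host loop first, then branching on `if secure_domains:contains("*") then` / `elseif not secure_domains:empty() then`, would key both warnings on the configured values; including `ssl._VERSION` in the message would also tell the operator which LuaSec was detected. The `if` chain this `elseif` belongs to starts above the hunk.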