Changeset
11776:1132a1f1ca5a
util.prosodyctl.check: Check for server-to-server Direct TLS records
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 09 Sep 2021 22:09:41 +0200 |
parents | 11775:af9c7f3f4735 |
children | 11777:08de090e05e9 |
files | util/prosodyctl/check.lua |
diffstat | 1 files changed, 24 insertions(+), 1 deletions(-) [+] |
--- a/util/prosodyctl/check.lua Thu Sep 09 21:59:02 2021 +0200
+++ b/util/prosodyctl/check.lua Thu Sep 09 22:09:41 2021 +0200
@@ -311,8 +311,9 @@
 local c2s_ports = set.new(configmanager.get("*", "c2s_ports") or {5222});
 local s2s_ports = set.new(configmanager.get("*", "s2s_ports") or {5269});
 local c2s_tls_ports = set.new(configmanager.get("*", "direct_tls_ports") or {});
+ local s2s_tls_ports = set.new(configmanager.get("*", "s2s_direct_tls_ports") or {});
- local c2s_srv_required, s2s_srv_required, c2s_tls_srv_required;
+ local c2s_srv_required, s2s_srv_required, c2s_tls_srv_required, s2s_tls_srv_required;
 if not c2s_ports:contains(5222) then
 c2s_srv_required = true;
 end
@@ -322,6 +323,9 @@
 if not c2s_tls_ports:empty() then
 c2s_tls_srv_required = true;
 end
+ if not s2s_tls_ports:empty() then
+ s2s_tls_srv_required = true;
+ end
 local problem_hosts = set.new();
@@ -449,6 +453,25 @@
 end
 end
 end
+ if modules:contains("s2s") and s2s_tls_srv_required then
+ local res = dns.lookup("_xmpps-server._tcp."..idna.to_ascii(host)..".", "SRV");
+ if res and #res > 0 then
+ for _, record in ipairs(res) do
+ if record.srv.target == "." then -- TODO is this an error if mod_s2s is enabled?
+ print(" 'xmpps-server' service disabled by pointing to '.'"); -- FIXME Explain better what this is
+ break;
+ end
+ local target = trim_dns_name(record.srv.target);
+ target_hosts:add(target);
+ if not s2s_tls_ports:contains(record.srv.port) then
+ print(" SRV target "..target.." contains unknown Direct TLS server port: "..record.srv.port);
+ end
+ end
+ else
+ print(" No _xmpps-server SRV record found for "..host..", but it looks like you need one.");
+ all_targets_ok = false;
+ end
+ end
 if target_hosts:empty() then
 target_hosts:add(host);
 end
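Review bot: In the third hunk, the port-mismatch branch of the new `_xmpps-server` loop only prints a warning and leaves `all_targets_ok` unchanged, whereas the missing-record branch just below sets `all_targets_ok = false;`. If that flag feeds the final verdict (its use lies outside this hunk), an SRV record that sends remote servers to a port not listed in `s2s_direct_tls_ports` would not be counted as a failure, so consider adding `all_targets_ok = false;` right after the "contains unknown Direct TLS server port" print. The `"."` branch also leaves the flag untouched even though Direct TLS ports are configured, and its `break` skips any remaining records; a comment stating whether that is intentional would settle the TODO/FIXME already on those lines. The enclosing function begins and ends outside the hunk.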