Software / code / prosody
Changeset
6845:bb7854355df1
prosodyctl check: Warn if certificate checking is enforced but LuaSec is too old
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 24 Sep 2015 20:02:57 +0200 |
| parents | 6844:8946052e12d2 |
| children | 6846:7eb166fa1f26 |
| files | prosodyctl |
| diffstat | 1 files changed, 24 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/prosodyctl Thu Sep 24 20:02:00 2015 +0200 +++ b/prosodyctl Thu Sep 24 20:02:57 2015 +0200 @@ -925,6 +925,30 @@ print(" Connections will fail."); ok = false; end + elseif not ssl.loadcertificate then + if all_options:contains("s2s_secure_auth") then + print(""); + print(" You have set s2s_secure_auth but your version of LuaSec does "); + print(" not support certificate validation, so all s2s connections will"); + print(" fail."); + ok = false; + elseif all_options:contains("s2s_secure_domains") then + local secure_domains = set.new(); + for host in enabled_hosts() do + if config[host].s2s_secure_auth == true then + secure_domains:add("*"); + else + secure_domains:include(set.new(config[host].s2s_secure_domains)); + end + end + if not secure_domains:empty() then + print(""); + print(" You have set s2s_secure_domains but your version of LuaSec does "); + print(" not support certificate validation, so s2s connections to/from "); + print(" these domains will fail."); + ok = false; + end + end end print("Done.\n");
