Software / code / prosody
Changeset
13327:f0fc6e7cc4de
util.prosodyctl.check: Disable https cert check if http_external_url set
This would indicate that a reverse proxy is used, which gets to be
responsible for that since it probably holds the actual cert.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 13 Nov 2023 09:58:56 +0100 |
| parents | 13326:76b6556c0f67 |
| children | 13328:36284c879e2f |
| files | util/prosodyctl/check.lua |
| diffstat | 1 files changed, 4 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/util/prosodyctl/check.lua Mon Nov 13 09:50:06 2023 +0100 +++ b/util/prosodyctl/check.lua Mon Nov 13 09:58:56 2023 +0100 @@ -1189,6 +1189,10 @@ or contains_match(modules, "_web$"); local http_host = api(host):get_option_string("http_host", host); + if api(host):get_option_string("http_external_url") then + -- Assumed behind a reverse proxy + http_loaded = false; + end if http_loaded and not x509_verify_identity(http_host, nil, cert) then print(" Not valid for HTTPS connections to "..host..".") cert_ok = false
