Changeset

13325:f32faaea3461

util.prosodyctl.check: Update conditions for s2s cert checks The 'anonymous_login' setting is deprecated and prosodyctl check config will tell you to change it to 'authentication = "internal_hashed"', so we shouldn't need to care about it here anymore.
author Kim Alvefur <zash@zash.se>
date Mon, 13 Nov 2023 09:44:40 +0100
parents 13324:6f371066d6e0
children 13326:76b6556c0f67
files util/prosodyctl/check.lua
diffstat 1 files changed, 3 insertions(+), 3 deletions(-) [+]
--- a/util/prosodyctl/check.lua	Mon Nov 13 09:43:54 2023 +0100
+++ b/util/prosodyctl/check.lua	Mon Nov 13 09:44:40 2023 +0100
@@ -1177,9 +1177,9 @@
 							print("    Not valid for client connections to "..host..".")
 							cert_ok = false
 						end
-						if modules:contains("s2s") and (not (api(host):get_option_boolean("anonymous_login", false)
-							or api(host):get_option_string("authentication", "internal_hashed") == "anonymous"))
-							and not x509_verify_identity(host, "_xmpp-server", cert) then
+						local anon = api(host):get_option_string("authentication", "internal_hashed") == "anonymous";
+						local anon_s2s = api(host):get_option_boolean("allow_anonymous_s2s", false);
+						if modules:contains("s2s") and (anon_s2s or not anon) and not x509_verify_identity(host, "_xmpp-server", cert) then
 							print("    Not valid for server-to-server connections to "..host..".")
 							cert_ok = false
 						end
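Review bot: The new condition on the `if modules:contains("s2s") and (anon_s2s or not anon) ...` line has no comment saying why an anonymous host skips the `_xmpp-server` identity check unless `allow_anonymous_s2s` is set, and the commit message does not mention this added option either. I would put a comment above the two locals, e.g. `-- anonymous hosts presumably only federate when allow_anonymous_s2s is enabled, so only then must the cert be valid for s2s`. A host that still sets only the deprecated `anonymous_login = true` is now treated as non-anonymous here, so it gets the "Not valid for server-to-server connections" warning; the message accepts that, but the comment could say so for operators who run the certificate check without the config check. As a style point, `api(host)` is called twice and could be held in one local. The enclosing function starts and ends outside the hunk.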