aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2015-09-24 20:02:57 +0200
committerKim Alvefur <zash@zash.se>2015-09-24 20:02:57 +0200
commiteb5aa38412c052e2d6aa8d99dcc32817a7836795 (patch)
tree668f8ad3f6e7f5f1c05c1b3992812544ebc8d0a6
parentdd3368d55b9a5c85938c90ebb92f7b60e0c0df2e (diff)
downloadprosody-eb5aa38412c052e2d6aa8d99dcc32817a7836795.tar.gz
prosody-eb5aa38412c052e2d6aa8d99dcc32817a7836795.zip
prosodyctl check: Warn if certificate checking is enforced but LuaSec is too old
-rwxr-xr-xprosodyctl24
1 files changed, 24 insertions, 0 deletions
diff --git a/prosodyctl b/prosodyctl
index ac0b7cd0..e4e22322 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -925,6 +925,30 @@ function commands.check(arg)
print(" Connections will fail.");
ok = false;
end
+ elseif not ssl.loadcertificate then
+ if all_options:contains("s2s_secure_auth") then
+ print("");
+ print(" You have set s2s_secure_auth but your version of LuaSec does ");
+ print(" not support certificate validation, so all s2s connections will");
+ print(" fail.");
+ ok = false;
+ elseif all_options:contains("s2s_secure_domains") then
+ local secure_domains = set.new();
+ for host in enabled_hosts() do
+ if config[host].s2s_secure_auth == true then
+ secure_domains:add("*");
+ else
+ secure_domains:include(set.new(config[host].s2s_secure_domains));
+ end
+ end
+ if not secure_domains:empty() then
+ print("");
+ print(" You have set s2s_secure_domains but your version of LuaSec does ");
+ print(" not support certificate validation, so s2s connections to/from ");
+ print(" these domains will fail.");
+ ok = false;
+ end
+ end
end
print("Done.\n");