diff options
| author | Kim Alvefur <zash@zash.se> | 2015-09-24 20:02:57 +0200 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2015-09-24 20:02:57 +0200 |
| commit | 09672718bf5dbbbb326d5d804ff791d66395614b (patch) | |
| tree | 668f8ad3f6e7f5f1c05c1b3992812544ebc8d0a6 | |
| parent | 24cb9ec74d821589fb574ffcd3839cc5aa93c5a7 (diff) | |
| download | prosody-09672718bf5dbbbb326d5d804ff791d66395614b.tar.gz prosody-09672718bf5dbbbb326d5d804ff791d66395614b.zip | |
prosodyctl check: Warn if certificate checking is enforced but LuaSec is too old
| -rwxr-xr-x | prosodyctl | 24 |
1 files changed, 24 insertions, 0 deletions
@@ -925,6 +925,30 @@ function commands.check(arg) print(" Connections will fail."); ok = false; end + elseif not ssl.loadcertificate then + if all_options:contains("s2s_secure_auth") then + print(""); + print(" You have set s2s_secure_auth but your version of LuaSec does "); + print(" not support certificate validation, so all s2s connections will"); + print(" fail."); + ok = false; + elseif all_options:contains("s2s_secure_domains") then + local secure_domains = set.new(); + for host in enabled_hosts() do + if config[host].s2s_secure_auth == true then + secure_domains:add("*"); + else + secure_domains:include(set.new(config[host].s2s_secure_domains)); + end + end + if not secure_domains:empty() then + print(""); + print(" You have set s2s_secure_domains but your version of LuaSec does "); + print(" not support certificate validation, so s2s connections to/from "); + print(" these domains will fail."); + ok = false; + end + end end print("Done.\n"); |