diff options
author | Kim Alvefur <zash@zash.se> | 2016-02-28 18:22:23 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2016-02-28 18:22:23 +0100 |
commit | da1e1f1556594579ebf0c96dd4676c6c688cabbe (patch) | |
tree | 3a231dfb7fdee9a8d32eeba0607b32b402d24ea3 | |
parent | b1e82b124c1689dca204bd533843984dbe369c77 (diff) | |
download | prosody-da1e1f1556594579ebf0c96dd4676c6c688cabbe.tar.gz prosody-da1e1f1556594579ebf0c96dd4676c6c688cabbe.zip |
prosodyctl: check certs: Use certmanager to get the final ssl config in order to support the new certificate(s) config option
-rwxr-xr-x | prosodyctl | 14 |
1 files changed, 7 insertions, 7 deletions
@@ -1197,6 +1197,7 @@ function commands.check(arg) local cert_ok; print"Checking certificates..." local x509_verify_identity = require"util.x509".verify_identity; + local create_context = require "core.certmanager".create_context; local ssl = dependencies.softreq"ssl"; -- local datetime_parse = require"util.datetime".parse_x509; local load_cert = ssl and ssl.loadcertificate; @@ -1211,13 +1212,12 @@ function commands.check(arg) for host in enabled_hosts() do print("Checking certificate for "..host); -- First, let's find out what certificate this host uses. - local ssl_config = config.rawget(host, "ssl"); - if not ssl_config then - local base_host = host:match("%.(.*)"); - ssl_config = config.get(base_host, "ssl"); - end - if not ssl_config then - print(" No 'ssl' option defined for "..host) + local host_ssl_config = config.rawget(host, "ssl") + or config.rawget(host:match("%.(.*)"), "ssl"); + local global_ssl_config = config.rawget("*", "ssl"); + local ok, err, ssl_config = create_context(host, "server", host_ssl_config, global_ssl_config); + if not ok then + print(" Error: "..err); cert_ok = false elseif not ssl_config.certificate then print(" No 'certificate' set in ssl option for "..host) |