aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2016-02-28 18:22:23 +0100
committerKim Alvefur <zash@zash.se>2016-02-28 18:22:23 +0100
commitda1e1f1556594579ebf0c96dd4676c6c688cabbe (patch)
tree3a231dfb7fdee9a8d32eeba0607b32b402d24ea3
parentb1e82b124c1689dca204bd533843984dbe369c77 (diff)
downloadprosody-da1e1f1556594579ebf0c96dd4676c6c688cabbe.tar.gz
prosody-da1e1f1556594579ebf0c96dd4676c6c688cabbe.zip
prosodyctl: check certs: Use certmanager to get the final ssl config in order to support the new certificate(s) config option
-rwxr-xr-xprosodyctl14
1 files changed, 7 insertions, 7 deletions
diff --git a/prosodyctl b/prosodyctl
index 95e091de..2972aa53 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -1197,6 +1197,7 @@ function commands.check(arg)
local cert_ok;
print"Checking certificates..."
local x509_verify_identity = require"util.x509".verify_identity;
+ local create_context = require "core.certmanager".create_context;
local ssl = dependencies.softreq"ssl";
-- local datetime_parse = require"util.datetime".parse_x509;
local load_cert = ssl and ssl.loadcertificate;
@@ -1211,13 +1212,12 @@ function commands.check(arg)
for host in enabled_hosts() do
print("Checking certificate for "..host);
-- First, let's find out what certificate this host uses.
- local ssl_config = config.rawget(host, "ssl");
- if not ssl_config then
- local base_host = host:match("%.(.*)");
- ssl_config = config.get(base_host, "ssl");
- end
- if not ssl_config then
- print(" No 'ssl' option defined for "..host)
+ local host_ssl_config = config.rawget(host, "ssl")
+ or config.rawget(host:match("%.(.*)"), "ssl");
+ local global_ssl_config = config.rawget("*", "ssl");
+ local ok, err, ssl_config = create_context(host, "server", host_ssl_config, global_ssl_config);
+ if not ok then
+ print(" Error: "..err);
cert_ok = false
elseif not ssl_config.certificate then
print(" No 'certificate' set in ssl option for "..host)