aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2023-11-13 09:44:40 +0100
committerKim Alvefur <zash@zash.se>2023-11-13 09:44:40 +0100
commit5146db2da02de75a12fbf626f318e16b00683aae (patch)
treeed7fa993957f8e3397131c581692504f3b19b38b
parent8d137609a4d59817d2abeb629926b8612e150796 (diff)
downloadprosody-5146db2da02de75a12fbf626f318e16b00683aae.tar.gz
prosody-5146db2da02de75a12fbf626f318e16b00683aae.zip
util.prosodyctl.check: Update conditions for s2s cert checks
The 'anonymous_login' setting is deprecated and prosodyctl check config will tell you to change it to 'authentication = "internal_hashed"', so we shouldn't need to care about here anymore.
-rw-r--r--util/prosodyctl/check.lua6
1 files changed, 3 insertions, 3 deletions
diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua
index 12c5b5c7..7ba0ccd0 100644
--- a/util/prosodyctl/check.lua
+++ b/util/prosodyctl/check.lua
@@ -1177,9 +1177,9 @@ local function check(arg)
print(" Not valid for client connections to "..host..".")
cert_ok = false
end
- if modules:contains("s2s") and (not (api(host):get_option_boolean("anonymous_login", false)
- or api(host):get_option_string("authentication", "internal_hashed") == "anonymous"))
- and not x509_verify_identity(host, "_xmpp-server", cert) then
+ local anon = api(host):get_option_string("authentication", "internal_hashed") == "anonymous";
+ local anon_s2s = api(host):get_option_boolean("allow_anonymous_s2s", false);
+ if modules:contains("s2s") and (anon_s2s or not anon) and not x509_verify_identity(host, "_xmpp-server", cert) then
print(" Not valid for server-to-server connections to "..host..".")
cert_ok = false
end