diff options
author | Kim Alvefur <zash@zash.se> | 2023-11-13 09:58:56 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2023-11-13 09:58:56 +0100 |
commit | e06c97ca525af2d40134737336322551f0ad77b4 (patch) | |
tree | a6cdbc9694e6f32b9a33e06537db3adc1803b77e | |
parent | 8dcd20725a32473f27429ec81c7b6994ffb274fe (diff) | |
download | prosody-e06c97ca525af2d40134737336322551f0ad77b4.tar.gz prosody-e06c97ca525af2d40134737336322551f0ad77b4.zip |
util.prosodyctl.check: Disable https cert check if http_external_url set
This would indicate that a reverse proxy is used, which gets to be
responsible for that since it probably holds the actual cert.
-rw-r--r-- | util/prosodyctl/check.lua | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua index 8e4a4dc5..5e7087c5 100644 --- a/util/prosodyctl/check.lua +++ b/util/prosodyctl/check.lua @@ -1189,6 +1189,10 @@ local function check(arg) or contains_match(modules, "_web$"); local http_host = api(host):get_option_string("http_host", host); + if api(host):get_option_string("http_external_url") then + -- Assumed behind a reverse proxy + http_loaded = false; + end if http_loaded and not x509_verify_identity(http_host, nil, cert) then print(" Not valid for HTTPS connections to "..host..".") cert_ok = false |