aboutsummaryrefslogtreecommitdiffstats
path: root/prosodyctl
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2015-09-24 20:02:57 +0200
committerKim Alvefur <zash@zash.se>2015-09-24 20:02:57 +0200
commit09672718bf5dbbbb326d5d804ff791d66395614b (patch)
tree668f8ad3f6e7f5f1c05c1b3992812544ebc8d0a6 /prosodyctl
parent24cb9ec74d821589fb574ffcd3839cc5aa93c5a7 (diff)
downloadprosody-09672718bf5dbbbb326d5d804ff791d66395614b.tar.gz
prosody-09672718bf5dbbbb326d5d804ff791d66395614b.zip
prosodyctl check: Warn if certificate checking is enforced but LuaSec is too old
Diffstat (limited to 'prosodyctl')
-rwxr-xr-xprosodyctl24
1 files changed, 24 insertions, 0 deletions
diff --git a/prosodyctl b/prosodyctl
index ac0b7cd0..e4e22322 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -925,6 +925,30 @@ function commands.check(arg)
print(" Connections will fail.");
ok = false;
end
+ elseif not ssl.loadcertificate then
+ if all_options:contains("s2s_secure_auth") then
+ print("");
+ print(" You have set s2s_secure_auth but your version of LuaSec does ");
+ print(" not support certificate validation, so all s2s connections will");
+ print(" fail.");
+ ok = false;
+ elseif all_options:contains("s2s_secure_domains") then
+ local secure_domains = set.new();
+ for host in enabled_hosts() do
+ if config[host].s2s_secure_auth == true then
+ secure_domains:add("*");
+ else
+ secure_domains:include(set.new(config[host].s2s_secure_domains));
+ end
+ end
+ if not secure_domains:empty() then
+ print("");
+ print(" You have set s2s_secure_domains but your version of LuaSec does ");
+ print(" not support certificate validation, so s2s connections to/from ");
+ print(" these domains will fail.");
+ ok = false;
+ end
+ end
end
print("Done.\n");