diff options
| author | Kim Alvefur <zash@zash.se> | 2015-09-24 20:02:57 +0200 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2015-09-24 20:02:57 +0200 |
| commit | eb5aa38412c052e2d6aa8d99dcc32817a7836795 (patch) | |
| tree | 668f8ad3f6e7f5f1c05c1b3992812544ebc8d0a6 /prosodyctl | |
| parent | dd3368d55b9a5c85938c90ebb92f7b60e0c0df2e (diff) | |
| download | prosody-eb5aa38412c052e2d6aa8d99dcc32817a7836795.tar.gz prosody-eb5aa38412c052e2d6aa8d99dcc32817a7836795.zip | |
prosodyctl check: Warn if certificate checking is enforced but LuaSec is too old
Diffstat (limited to 'prosodyctl')
| -rwxr-xr-x | prosodyctl | 24 |
1 files changed, 24 insertions, 0 deletions
@@ -925,6 +925,30 @@ function commands.check(arg) print(" Connections will fail."); ok = false; end + elseif not ssl.loadcertificate then + if all_options:contains("s2s_secure_auth") then + print(""); + print(" You have set s2s_secure_auth but your version of LuaSec does "); + print(" not support certificate validation, so all s2s connections will"); + print(" fail."); + ok = false; + elseif all_options:contains("s2s_secure_domains") then + local secure_domains = set.new(); + for host in enabled_hosts() do + if config[host].s2s_secure_auth == true then + secure_domains:add("*"); + else + secure_domains:include(set.new(config[host].s2s_secure_domains)); + end + end + if not secure_domains:empty() then + print(""); + print(" You have set s2s_secure_domains but your version of LuaSec does "); + print(" not support certificate validation, so s2s connections to/from "); + print(" these domains will fail."); + ok = false; + end + end end print("Done.\n"); |