diff options
author | Kim Alvefur <zash@zash.se> | 2023-11-13 09:44:40 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2023-11-13 09:44:40 +0100 |
commit | 5146db2da02de75a12fbf626f318e16b00683aae (patch) | |
tree | ed7fa993957f8e3397131c581692504f3b19b38b /util/prosodyctl | |
parent | 8d137609a4d59817d2abeb629926b8612e150796 (diff) | |
download | prosody-5146db2da02de75a12fbf626f318e16b00683aae.tar.gz prosody-5146db2da02de75a12fbf626f318e16b00683aae.zip |
util.prosodyctl.check: Update conditions for s2s cert checks
The 'anonymous_login' setting is deprecated and prosodyctl check config
will tell you to change it to 'authentication = "internal_hashed"', so
we shouldn't need to care about here anymore.
Diffstat (limited to 'util/prosodyctl')
-rw-r--r-- | util/prosodyctl/check.lua | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua index 12c5b5c7..7ba0ccd0 100644 --- a/util/prosodyctl/check.lua +++ b/util/prosodyctl/check.lua @@ -1177,9 +1177,9 @@ local function check(arg) print(" Not valid for client connections to "..host..".") cert_ok = false end - if modules:contains("s2s") and (not (api(host):get_option_boolean("anonymous_login", false) - or api(host):get_option_string("authentication", "internal_hashed") == "anonymous")) - and not x509_verify_identity(host, "_xmpp-server", cert) then + local anon = api(host):get_option_string("authentication", "internal_hashed") == "anonymous"; + local anon_s2s = api(host):get_option_boolean("allow_anonymous_s2s", false); + if modules:contains("s2s") and (anon_s2s or not anon) and not x509_verify_identity(host, "_xmpp-server", cert) then print(" Not valid for server-to-server connections to "..host..".") cert_ok = false end |