authorKim Alvefur <zash@zash.se>2023-11-13 09:43:54 +0100
committerKim Alvefur <zash@zash.se>2023-11-13 09:43:54 +0100
commit8d137609a4d59817d2abeb629926b8612e150796 (patch)
tree11d997d6ddc6efcb4c7befcb0187e08349688ba6 /util/prosodyctl
parentb239732046f737d51a4b004b30c4bd3699bf3ad2 (diff)
util.prosodyctl.check: Simplify conditions for c2s and s2s cert checks
This code is hard to follow and in need of some refactoring.
Diffstat (limited to 'util/prosodyctl')
-rw-r--r--util/prosodyctl/check.lua6
1 files changed, 3 insertions, 3 deletions
diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua
index fa65d1b6..12c5b5c7 100644
--- a/util/prosodyctl/check.lua
+++ b/util/prosodyctl/check.lua
@@ -1131,6 +1131,7 @@ local function check(arg)
cert_ok = false
else
for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
+ local modules = modulemanager.get_modules_for_host(host);
print("Checking certificate for "..host);
-- First, let's find out what certificate this host uses.
local host_ssl_config = configmanager.rawget(host, "ssl")
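Review bot: The new `modules` local is declared about forty lines before its only uses, in the c2s and s2s identity checks of the next hunk, and nothing at the declaration says why it is fetched here. The old code read the second return value of `modulemanager.get_modules_for_host(host)`, while this line keeps only the first, so the change of meaning is worth stating. A comment above it would do, such as `-- Set of modules enabled for this host; decides below which certificate identity checks (c2s/s2s) apply`. The loop body and `check` itself continue outside this hunk.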
@@ -1172,12 +1173,11 @@ local function check(arg)
elseif not cert:validat(os.time() + 86400*31) then
print(" Certificate expires within one month.")
end
- if select(2, modulemanager.get_modules_for_host(host)) == nil
- and not x509_verify_identity(host, "_xmpp-client", cert) then
+ if modules:contains("c2s") and not x509_verify_identity(host, "_xmpp-client", cert) then
print(" Not valid for client connections to "..host..".")
cert_ok = false
end
- if (not (api(host):get_option_boolean("anonymous_login", false)
+ if modules:contains("s2s") and (not (api(host):get_option_boolean("anonymous_login", false)
or api(host):get_option_string("authentication", "internal_hashed") == "anonymous"))
and not x509_verify_identity(host, "_xmpp-server", cert) then
print(" Not valid for server-to-server connections to "..host..".")
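Review bot: When `modules:contains("c2s")` or `modules:contains("s2s")` is false, the matching `x509_verify_identity` call is skipped with no output and `cert_ok` is left untouched. An operator cannot tell a certificate that passed the identity check from one that was never checked. That matters if the set returned by `get_modules_for_host` can miss a listener that is actually serving the host (not visible from this hunk, so worth confirming), because a certificate lacking the `_xmpp-client` or `_xmpp-server` identity would then pass unreported. Consider printing a line on the skipped path, for example `elseif not modules:contains("c2s") then print("    Skipping client certificate check, c2s is not enabled on "..host..".")`, and the same for s2s. The enclosing `check` function starts and ends outside this hunk.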