aboutsummaryrefslogtreecommitdiffstats
path: root/util/prosodyctl
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2023-11-13 09:58:56 +0100
committerKim Alvefur <zash@zash.se>2023-11-13 09:58:56 +0100
commite06c97ca525af2d40134737336322551f0ad77b4 (patch)
treea6cdbc9694e6f32b9a33e06537db3adc1803b77e /util/prosodyctl
parent8dcd20725a32473f27429ec81c7b6994ffb274fe (diff)
downloadprosody-e06c97ca525af2d40134737336322551f0ad77b4.tar.gz
prosody-e06c97ca525af2d40134737336322551f0ad77b4.zip
util.prosodyctl.check: Disable https cert check if http_external_url set
This would indicate that a reverse proxy is used, which gets to be responsible for that since it probably holds the actual cert.
Diffstat (limited to 'util/prosodyctl')
-rw-r--r--util/prosodyctl/check.lua4
1 files changed, 4 insertions, 0 deletions
diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua
index 8e4a4dc5..5e7087c5 100644
--- a/util/prosodyctl/check.lua
+++ b/util/prosodyctl/check.lua
@@ -1189,6 +1189,10 @@ local function check(arg)
or contains_match(modules, "_web$");
local http_host = api(host):get_option_string("http_host", host);
+ if api(host):get_option_string("http_external_url") then
+ -- Assumed behind a reverse proxy
+ http_loaded = false;
+ end
if http_loaded and not x509_verify_identity(http_host, nil, cert) then
print(" Not valid for HTTPS connections to "..host..".")
cert_ok = false