aboutsummaryrefslogtreecommitdiffstats
path: root/util/prosodyctl
diff options
context:
space:
mode:
Diffstat (limited to 'util/prosodyctl')
-rw-r--r--util/prosodyctl/check.lua16
1 files changed, 13 insertions, 3 deletions
diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua
index 7ba0ccd0..8e4a4dc5 100644
--- a/util/prosodyctl/check.lua
+++ b/util/prosodyctl/check.lua
@@ -313,6 +313,7 @@ local function check(arg)
local set = require "prosody.util.set";
local it = require "prosody.util.iterators";
local ok = true;
+ local function contains_match(hayset, needle) for member in hayset do if member:find(needle) then return true end end end
local function disabled_hosts(host, conf) return host ~= "*" and conf.enabled ~= false; end
local function enabled_hosts() return it.filter(disabled_hosts, pairs(configmanager.getconfig())); end
local checks = {};
@@ -973,9 +974,6 @@ local function check(arg)
end
local known_http_modules = set.new { "bosh"; "http_files"; "http_file_share"; "http_openmetrics"; "websocket" };
- local function contains_match(hayset, needle)
- for member in hayset do if member:find(needle) then return true end end
- end
if modules:contains("http") or not set.intersection(modules, known_http_modules):empty()
or contains_match(modules, "^http_") or contains_match(modules, "_web$") then
@@ -1183,6 +1181,18 @@ local function check(arg)
print(" Not valid for server-to-server connections to "..host..".")
cert_ok = false
end
+
+ local known_http_modules = set.new { "bosh"; "http_files"; "http_file_share"; "http_openmetrics"; "websocket" };
+ local http_loaded = modules:contains("http")
+ or not set.intersection(modules, known_http_modules):empty()
+ or contains_match(modules, "^http_")
+ or contains_match(modules, "_web$");
+
+ local http_host = api(host):get_option_string("http_host", host);
+ if http_loaded and not x509_verify_identity(http_host, nil, cert) then
+ print(" Not valid for HTTPS connections to "..host..".")
+ cert_ok = false
+ end
if use_dane then
if cert.pubkey then
print(" DANE: TLSA 3 1 1 "..sha256(pem2der(cert:pubkey()), true))