From ef1f75a9dd0ebd0f116508b89abbcd790482eb07 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Fri, 4 Aug 2017 20:27:43 +0200
Subject: prosodyctl: Skip certificate checks for hosts of the form node@host
(fixes #779)
---
prosodyctl | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'prosodyctl')
diff --git a/prosodyctl b/prosodyctl
index 8997f31c..800dddbf 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -1336,7 +1336,14 @@ function commands.check(arg)
print("This version of LuaSec (" .. ssl._VERSION .. ") does not support certificate checking");
cert_ok = false
else
- for host in enabled_hosts() do
+ local function skip_bare_jid_hosts(host)
+ if jid_split(host) then
+ -- See issue #779
+ return false;
+ end
+ return true;
+ end
+ for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do
print("Checking certificate for "..host);
-- First, let's find out what certificate this host uses.
local host_ssl_config = config.rawget(host, "ssl")
--
cgit v1.2.3
From cb0a2ffe81725c4457a999af5c03b91493629df5 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Fri, 7 Jul 2017 20:42:35 +0200
Subject: prosody, prosodyctl: Set up TLS settings for HTTPS requests in
net.http (part of fix for #659)
---
prosodyctl | 7 +++++++
1 file changed, 7 insertions(+)
(limited to 'prosodyctl')
diff --git a/prosodyctl b/prosodyctl
index 800dddbf..cd58212e 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -251,6 +251,13 @@ local modulemanager = require "core.modulemanager"
local prosodyctl = require "util.prosodyctl"
local socket = require "socket"
+
+local http = require "net.http"
+local config_ssl = config.get("*", "ssl")
+local https_client = config.get("*", "client_https_ssl")
+http.default.options.sslctx = require "core.certmanager".create_context("client_https port 0", "client",
+ { capath = config_ssl.capath, cafile = config_ssl.cafile, verify = "peer", }, https_client);
+
-----------------------
-- FIXME: Duplicate code waiting for util.startup
--
cgit v1.2.3