From ef1f75a9dd0ebd0f116508b89abbcd790482eb07 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 4 Aug 2017 20:27:43 +0200 Subject: prosodyctl: Skip certificate checks for hosts of the form node@host (fixes #779) --- prosodyctl | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'prosodyctl') diff --git a/prosodyctl b/prosodyctl index 8997f31c..800dddbf 100755 --- a/prosodyctl +++ b/prosodyctl @@ -1336,7 +1336,14 @@ function commands.check(arg) print("This version of LuaSec (" .. ssl._VERSION .. ") does not support certificate checking"); cert_ok = false else - for host in enabled_hosts() do + local function skip_bare_jid_hosts(host) + if jid_split(host) then + -- See issue #779 + return false; + end + return true; + end + for host in it.filter(skip_bare_jid_hosts, enabled_hosts()) do print("Checking certificate for "..host); -- First, let's find out what certificate this host uses. local host_ssl_config = config.rawget(host, "ssl") -- cgit v1.2.3 From cb0a2ffe81725c4457a999af5c03b91493629df5 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 7 Jul 2017 20:42:35 +0200 Subject: prosody, prosodyctl: Set up TLS settings for HTTPS requests in net.http (part of fix for #659) --- prosodyctl | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'prosodyctl') diff --git a/prosodyctl b/prosodyctl index 800dddbf..cd58212e 100755 --- a/prosodyctl +++ b/prosodyctl @@ -251,6 +251,13 @@ local modulemanager = require "core.modulemanager" local prosodyctl = require "util.prosodyctl" local socket = require "socket" + +local http = require "net.http" +local config_ssl = config.get("*", "ssl") +local https_client = config.get("*", "client_https_ssl") +http.default.options.sslctx = require "core.certmanager".create_context("client_https port 0", "client", + { capath = config_ssl.capath, cafile = config_ssl.cafile, verify = "peer", }, https_client); + ----------------------- -- FIXME: Duplicate code waiting for util.startup -- cgit v1.2.3