From 5146db2da02de75a12fbf626f318e16b00683aae Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 13 Nov 2023 09:44:40 +0100 Subject: util.prosodyctl.check: Update conditions for s2s cert checks The 'anonymous_login' setting is deprecated and prosodyctl check config will tell you to change it to 'authentication = "internal_hashed"', so we shouldn't need to care about here anymore. --- util/prosodyctl/check.lua | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'util') diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua index 12c5b5c7..7ba0ccd0 100644 --- a/util/prosodyctl/check.lua +++ b/util/prosodyctl/check.lua @@ -1177,9 +1177,9 @@ local function check(arg) print(" Not valid for client connections to "..host..".") cert_ok = false end - if modules:contains("s2s") and (not (api(host):get_option_boolean("anonymous_login", false) - or api(host):get_option_string("authentication", "internal_hashed") == "anonymous")) - and not x509_verify_identity(host, "_xmpp-server", cert) then + local anon = api(host):get_option_string("authentication", "internal_hashed") == "anonymous"; + local anon_s2s = api(host):get_option_boolean("allow_anonymous_s2s", false); + if modules:contains("s2s") and (anon_s2s or not anon) and not x509_verify_identity(host, "_xmpp-server", cert) then print(" Not valid for server-to-server connections to "..host..".") cert_ok = false end -- cgit v1.2.3