#1019 Automatic certificate discovery breaks when service name contains underscore
Reporter: mancho
Owner: Nobody
Stars: ★ (1)
Tags: Status-New, Priority-Medium, Type-Defect
mancho
on
What steps will reproduce the problem?
1. Activate legacy_ssl (i.e. add legacy_ssl_ports = { <port_number> } to config) without manually specifying the location of the certificate/key
2. Have legacy_ssl.crt and legacy_ssl.key in the global certificates directory (e.g. under /etc/prosody/certs)
3. (Re)Start Prosody
What is the expected output?
portmanager debug No active service for legacy_ssl, activating...
certmanager debug Searching /etc/prosody/certs for a key and certificate for legacy_ssl...
certmanager debug Selecting certificate /etc/prosody/certs/legacy_ssl.crt with key /etc/prosody/certs/legacy_ssl.key for legacy_ssl
What do you see instead?
portmanager debug No active service for legacy_ssl, activating...
certmanager debug Searching /etc/prosody/certs for a key and certificate for legacy_ssl port <port_number>...
certmanager debug No certificate/key found for legacy_ssl port <port_number>
portmanager error Error binding encrypted port for legacy_ssl: No key present in SSL/TLS configuration for legacy_ssl port <port_number>
certmanager debug Searching /etc/prosody/certs for a key and certificate for legacy_ssl port <port_number>...
certmanager debug No certificate/key found for legacy_ssl port <port_number>
portmanager error Error binding encrypted port for legacy_ssl: No key present in SSL/TLS configuration for legacy_ssl port <port_number>
What version of the product are you using? On what operating system?
Prosody 0.10.0 on Ubuntu 16.04.3 LTS
Lua 5.1
lfs: LuaFileSystem 1.6.3
libevent: 2.0.21-stable
luaevent: 0.4.4
lxp: LuaExpat 1.3.0
socket: LuaSocket 3.0-rc1
ssl: 0.5.1
Please provide any additional information below.
Workaround: rename the certificate/key files to "legacy_ssl port <port_number>.crt"/"legacy_ssl port <port_number>.key"
The bug is located in core/certmanager.lua, line 141. The pattern used in create_context() to extract the service name and port out of host requires the service name to contain only alphanumeric characters (%w).
Changing the pattern from "^(%w+) port (%d+)$" to "^([%w_]+) port (%d+)$" solves this specific issue, but others may arise with more uncommon service names.
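The pattern behaviour described in the report, as an added Lua example that is not part of the original post or of Prosody's code. It runs the original and the proposed pattern over a few service names to show which ones still fail to split. Assumptions: the fallback in `lookup_name` is inferred from the log lines above, the "any-name" pattern is a hypothetical comparison, and all sample inputs are constructed.

```lua
-- Added illustration; not code from core/certmanager.lua.
local patterns = {
  { "original", "^(%w+) port (%d+)$" },     -- quoted in the report
  { "proposed", "^([%w_]+) port (%d+)$" },  -- reporter's suggested change
  { "any-name", "^(.+) port (%d+)$" },      -- hypothetical comparison only
}

-- Constructed inputs: the port numbers and every name except legacy_ssl
-- are made up for this example.
local samples = {
  "https port 5281",
  "legacy_ssl port 5223",
  "my-service port 5000",
  "svc.v2 port 5001",
}

-- Assumed fallback, consistent with the log lines in the report: when the
-- pattern does not match, the whole "<service> port <n>" string is kept as
-- the name to search for.
local function lookup_name(host, pattern)
  local service, port = host:match(pattern)
  if service then
    return service, tonumber(port)
  end
  return host, nil
end

-- Returns the inputs that fall through to the fallback for a given pattern.
local function unmatched(pattern)
  local missed = {}
  for _, host in ipairs(samples) do
    local _, port = lookup_name(host, pattern)
    if not port then missed[#missed + 1] = host end
  end
  return missed
end

for _, entry in ipairs(patterns) do
  local label, pattern = entry[1], entry[2]
  print(("%s  %s"):format(label, pattern))
  for _, host in ipairs(samples) do
    local name = lookup_name(host, pattern)
    print(("  %-22s -> %s.crt / %s.key"):format(host, name, name))
  end
  print(("  fell through: %d of %d"):format(#unmatched(pattern), #samples))
end
```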