#1019 Automatic certificate discovery breaks when service name contains underscore

Reporter mancho
Owner Nobody
Tags
  • Status-New
  • Priority-Medium
  • Type-Defect
  1. mancho on

    What steps will reproduce the problem?

    1. Activate legacy_ssl (i.e. add legacy_ssl_ports = { <port_number> } to config) without manually specifying the location of the certificate/key
    2. Have legacy_ssl.crt and legacy_ssl.key in the global certificates directory (e.g. under /etc/prosody/certs)
    3. (Re)Start Prosody

    What is the expected output?

        portmanager debug No active service for legacy_ssl, activating...
        certmanager debug Searching /etc/prosody/certs for a key and certificate for legacy_ssl...
        certmanager debug Selecting certificate /etc/prosody/certs/legacy_ssl.crt with key /etc/prosody/certs/legacy_ssl.key for legacy_ssl

    What do you see instead?

        portmanager debug No active service for legacy_ssl, activating...
        certmanager debug Searching /etc/prosody/certs for a key and certificate for legacy_ssl port <port_number>...
        certmanager debug No certificate/key found for legacy_ssl port <port_number>
        portmanager error Error binding encrypted port for legacy_ssl: No key present in SSL/TLS configuration for legacy_ssl port <port_number>
        certmanager debug Searching /etc/prosody/certs for a key and certificate for legacy_ssl port <port_number>...
        certmanager debug No certificate/key found for legacy_ssl port <port_number>
        portmanager error Error binding encrypted port for legacy_ssl: No key present in SSL/TLS configuration for legacy_ssl port <port_number>

    What version of the product are you using? On what operating system?

        Prosody 0.10.0 on Ubuntu 16.04.3 LTS
        Lua 5.1
        lfs: LuaFileSystem 1.6.3
        libevent: 2.0.21-stable
        luaevent: 0.4.4
        lxp: LuaExpat 1.3.0
        socket: LuaSocket 3.0-rc1
        ssl: 0.5.1

    Please provide any additional information below.

    Workaround: rename the certificate/key files to "legacy_ssl port <port_number>.crt"/"legacy_ssl port <port_number>.key"

    The bug is located in core/certmanager.lua, line 141. The pattern used in create_context() to extract the service name and port out of host requires the service name to contain only alphanumeric characters (%w). Changing the pattern from "^(%w+) port (%d+)$" to "^([%w_]+) port (%d+)$" solves this specific issue, but others may arise with more uncommon service names.
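
The pattern behaviour described in the report, as an added example that is not part of the original issue and not Prosody's own code: it runs the two patterns quoted above over several host strings and shows which name the certificate search would end up using. `lookup_name` is a hypothetical helper, the port numbers and every service name other than `legacy_ssl` are constructed, and the third pattern is an assumption about one way to cover the "more uncommon service names" the reporter mentions.

```lua
-- Added example, not Prosody source. lookup_name() is a hypothetical helper
-- mimicking what the debug log in the report shows: when the pattern matches,
-- the search uses the bare service name; when it does not, the whole
-- "<service> port <n>" string is used as the name to look for.

local patterns = {
	{ "reported", "^(%w+) port (%d+)$" },    -- pattern quoted in the report
	{ "proposed", "^([%w_]+) port (%d+)$" }, -- reporter's suggested change
	-- Assumption: anchor on the fixed " port <digits>" suffix and accept any
	-- non-empty service name in front of it.
	{ "suffix",   "^(.+) port (%d+)$" },
}

local function lookup_name(pattern, host)
	local service, port = host:match(pattern)
	if service then
		return service, tonumber(port)
	end
	return host, nil -- no match: the unparsed string is searched for
end

-- Constructed inputs; only the legacy_ssl service name comes from the report.
local hosts = {
	"https port 5281",      -- alphanumeric only: every pattern parses it
	"legacy_ssl port 5223", -- underscore: the case from the report
	"my-service port 7000", -- hyphen: still missed by the proposed change
	"example.com",          -- plain host name: must pass through unchanged
}

for _, host in ipairs(hosts) do
	print(host)
	for _, entry in ipairs(patterns) do
		local label, pattern = entry[1], entry[2]
		local name, port = lookup_name(pattern, host)
		-- The certificate search looks for "<name>.crt" and "<name>.key".
		print(string.format("  %-9s -> %s.crt (port %s)",
			label, name, tostring(port)))
	end
end
```

With the reported pattern, `legacy_ssl port 5223` falls through to the unparsed string, which is why the workaround of renaming the files to include " port <port_number>" works.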
