#1019 Automatic certificate discovery breaks when service name contains underscore

Reporter mancho
Owner Zash
Created
Updated
Stars ★★ (2)
Tags
  • Status-Fixed
  • Priority-Medium
  • Milestone-0.10
  • Type-Defect
  1. mancho on

    What steps will reproduce the problem?

    1. Activate legacy_ssl (i.e. add legacy_ssl_ports = { <port_number> } to config) without manually specifying the location of the certificate/key
    2. Have legacy_ssl.crt and legacy_ssl.key in the global certificates directory (e.g. under /etc/prosody/certs)
    3. (Re)Start Prosody

    What is the expected output?

        portmanager debug No active service for legacy_ssl, activating...
        certmanager debug Searching /etc/prosody/certs for a key and certificate for legacy_ssl...
        certmanager debug Selecting certificate /etc/prosody/certs/legacy_ssl.crt with key /etc/prosody/certs/legacy_ssl.key for legacy_ssl

    What do you see instead?

        portmanager debug No active service for legacy_ssl, activating...
        certmanager debug Searching /etc/prosody/certs for a key and certificate for legacy_ssl port <port_number>...
        certmanager debug No certificate/key found for legacy_ssl port <port_number>
        portmanager error Error binding encrypted port for legacy_ssl: No key present in SSL/TLS configuration for legacy_ssl port <port_number>
        certmanager debug Searching /etc/prosody/certs for a key and certificate for legacy_ssl port <port_number>...
        certmanager debug No certificate/key found for legacy_ssl port <port_number>
        portmanager error Error binding encrypted port for legacy_ssl: No key present in SSL/TLS configuration for legacy_ssl port <port_number>

    What version of the product are you using? On what operating system?

        Prosody 0.10.0 on Ubuntu 16.04.3 LTS
        Lua 5.1
        lfs: LuaFileSystem 1.6.3
        libevent: 2.0.21-stable
        luaevent: 0.4.4
        lxp: LuaExpat 1.3.0
        socket: LuaSocket 3.0-rc1
        ssl: 0.5.1

    Please provide any additional information below.

    Workaround: rename the certificate/key files to "legacy_ssl port <port_number>.crt"/"legacy_ssl port <port_number>.key"

    The bug is located in core/certmanager.lua, line 141. The pattern used in create_context() to extract the service name and port out of host requires the service name to contain only alphanumeric characters (%w). Changing the pattern from "^(%w+) port (%d+)$" to "^([%w_]+) port (%d+)$" solves this specific issue, but others may arise with more uncommon service names.

  2. Oli on

    I can confirm this problem. Prosody 0.10.0-r2 on Alpine Linux 3.7.

    Workaround:

        legacy_ssl_ssl = {
            key = "/path/to/certificate.key";
            certificate = "/path/to/certificate.crt";
        }

  3. Zash on

    Changes
    • tags Milestone-0.10 Status-Accepted
  4. Zash on

    Fixed in https://hg.prosody.im/0.10/rev/1a29b56a2d63

    Changes
    • owner Zash
    • tags Status-Fixed
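
As an added illustration (not code from the report or from Prosody), this Lua sketch runs the two patterns quoted in comment 1 over constructed service strings and prints the lookup name and file names that result from each. The fallback to the whole string when the pattern fails, the helper names, the port numbers and the hyphenated service name are assumptions made for the example.

```lua
-- Added illustration; a simplified model, not Prosody's core/certmanager.lua.
-- The two patterns are the ones quoted in the report.
local OLD_PATTERN = "^(%w+) port (%d+)$"     -- %w: letters and digits only
local NEW_PATTERN = "^([%w_]+) port (%d+)$"  -- also accepts underscore

-- Split "<service> port <n>" into a service name and a port number.
-- Assumption: when the pattern does not match, the whole string is used as
-- the lookup name, which is consistent with the debug log in the report.
local function lookup_name(host, pattern)
	local service, port = host:match(pattern)
	if service then
		return service, tonumber(port)
	end
	return host, nil
end

-- File names a directory search would then look for (hypothetical helper).
local function candidate_files(dir, name)
	return dir .. "/" .. name .. ".crt", dir .. "/" .. name .. ".key"
end

-- Constructed inputs; the port numbers and "my-service" are sample values.
local hosts = {
	"https port 5281",      -- alphanumeric name: both patterns match
	"legacy_ssl port 5223", -- underscore: only the changed pattern matches
	"my-service port 5000", -- hyphen: neither pattern matches
}

for _, pattern in ipairs({ OLD_PATTERN, NEW_PATTERN }) do
	print("pattern: " .. pattern)
	for _, host in ipairs(hosts) do
		local name, port = lookup_name(host, pattern)
		local crt, key = candidate_files("/etc/prosody/certs", name)
		print(string.format("  %-22s name=%q port=%s", host, name, tostring(port)))
		print(string.format("  %-22s %s | %s", "", crt, key))
	end
end
```

With the original pattern the underscore name falls through to the full "legacy_ssl port 5223" string, which matches the file names in the reporter's workaround; the hyphenated name falls through under both patterns, the case the reporter's closing caveat anticipates.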
