#1031 In prosodyctl check, disable s2s cert validation when s2s is disabled

Reporter Link Mauve
Owner Nobody
Created
Updated
Stars ★ (1)
Tags
  • Milestone-0.11
  • Status-Fixed
  • Priority-Medium
  • Type-Enhancement
  1. Link Mauve on

    Description of feature: When running `prosodyctl check`, at the “Checking certificates...” step, every VirtualHost and Component sections are checked, but things like proxy65 which don’t need any kind of s2s and for which I disable it with modules_disabled = { "s2s" } are still checked, for example: Checking certificate for proxy.linkmauve.fr Certificate: /etc/prosody/certs/linkmauve.fr.crt Not valid for server-to-server connections to proxy.linkmauve.fr. Motivation: (Why?) It would make it easier to see actual errors not to have false positives.

  2. Zash on

    Agreed. It should check hosts where mod_c2s or mod_s2s is enabled.

    Changes
    • tags Status-Accepted
  3. Link Mauve on

    Here is a patch: https://prosody.im/pastebin/786cf872-450f-4b4c-acac-b14015fbe49f

  4. Zash on

    Thanks https://hg.prosody.im/trunk/rev/ddd98e262519

    Changes
    • tags Status-Fixed Milestone-0.11

New comment

Not published. Used for spam prevention and optional update notifications.