Mercurial > prosody-hg
comparison util/prosodyctl/check.lua @ 14226:59c50c76860b
util.prosodyctl.check: Show TLSA records in DNS
Doesn't yet check that these match your certificates, but can be
compared to 'check certs'
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 12 Jun 2026 23:08:09 +0200 |
| parents | 866422587486 |
| children | 84a72e9cb610 |
comparison
equal
deleted
inserted
replaced
| 14225:866422587486 | 14226:59c50c76860b |
|---|---|
| 914 local global = api("*"); | 914 local global = api("*"); |
| 915 local c2s_ports = global:get_option_set("c2s_ports", {5222}); | 915 local c2s_ports = global:get_option_set("c2s_ports", {5222}); |
| 916 local s2s_ports = global:get_option_set("s2s_ports", {5269}); | 916 local s2s_ports = global:get_option_set("s2s_ports", {5269}); |
| 917 local c2s_tls_ports = global:get_option_set("c2s_direct_tls_ports", {}); | 917 local c2s_tls_ports = global:get_option_set("c2s_direct_tls_ports", {}); |
| 918 local s2s_tls_ports = global:get_option_set("s2s_direct_tls_ports", {}); | 918 local s2s_tls_ports = global:get_option_set("s2s_direct_tls_ports", {}); |
| 919 local use_dane = global:get_option_boolean("use_dane", true); | |
| 919 | 920 |
| 920 local global_enabled = set.new(); | 921 local global_enabled = set.new(); |
| 921 for host in enabled_hosts() do | 922 for host in enabled_hosts() do |
| 922 global_enabled:include(modulemanager.get_modules_for_host(host)); | 923 global_enabled:include(modulemanager.get_modules_for_host(host)); |
| 923 end | 924 end |
| 1040 end | 1041 end |
| 1041 local target = trim_dns_name(record.srv.target); | 1042 local target = trim_dns_name(record.srv.target); |
| 1042 targets:add(target); | 1043 targets:add(target); |
| 1043 if not ports:contains(record.srv.port) then | 1044 if not ports:contains(record.srv.port) then |
| 1044 print(" SRV target " .. target .. " contains unknown " .. description .. " port: " .. record.srv.port); | 1045 print(" SRV target " .. target .. " contains unknown " .. description .. " port: " .. record.srv.port); |
| 1046 end | |
| 1047 if use_dane and res.secure then | |
| 1048 local tlsa = dns.lookup("_"..record.srv.port.."._tcp."..target..".", "TLSA"); | |
| 1049 for i = 1, #tlsa do | |
| 1050 print(" DANE: " .. tostring(tlsa[i])); | |
| 1051 end | |
| 1045 end | 1052 end |
| 1046 end | 1053 end |
| 1047 elseif required then | 1054 elseif required then |
| 1048 print(" No _" .. service .. " SRV record found for " .. domain .. ", but it looks like you need one."); | 1055 print(" No _" .. service .. " SRV record found for " .. domain .. ", but it looks like you need one."); |
| 1049 srv_ok = false; | 1056 srv_ok = false; |
