#1915 Prosody 13.0 does not honour per-host 'ssl' options on direct TLS ports
Reporter: MattJ
Owner: MattJ
Stars: 1
Tags: Priority-Medium, Status-Fixed, Type-Defect, Milestone-13.0
MattJ
Prosody 13.0 unexpectedly changes the behaviour of manual certificate configuration (i.e. 'ssl' and '*_ssl' options such as 'https_ssl') for "direct TLS" ports, including HTTPS. Instead, Prosody always uses automatic certificate selection for these services, unless it finds manual configuration options in the global scope.
```
VirtualHost "localhost"
    modules_enabled = { "http" }
    -- Configure some non-default certificate for HTTPS
    https_ssl = {
        key = "data/test.key";
        certificate = "data/test.crt";
    }
```
In Prosody 0.12, the 'test.crt' certificate can be observed on port 5281, but in 13.0 the default localhost cert is presented instead.
Unfortunately it still (Prosody 13.0.1) does not work when there is more than a single domain/port:
```
c2s_direct_tls_ports = { 5223, 5225 };
c2s_direct_tls_ssl = {
    [5223] = {
        key = "/etc/prosody/certs/example1.org.key";
        certificate = "/etc/prosody/certs/example1.org.crt";
    };
    [5225] = {
        key = "/etc/prosody/certs/example2.org.key";
        certificate = "/etc/prosody/certs/example2.org.crt";
    };
}
```
Same with "s2s_direct_tls..."
Error log:
```
modulemanager error Error initializing module 'c2s' on 'jabber.geierb.de': /usr/lib/prosody/util/sslconfig.lua:123: attempt to index a number value (local 'field')
stack traceback:
	/usr/lib/prosody/util/sslconfig.lua:123: in function 'prosody.util.sslconfig.apply'
	/usr/lib/prosody/core/certmanager.lua:334: in function 'prosody.core.certmanager.create_context'
	/usr/lib/prosody/core/portmanager.lua:69: in upvalue 'get_port_ssl_ctx'
	/usr/lib/prosody/core/portmanager.lua:125: in function 'prosody.core.portmanager.activate'
	/usr/lib/prosody/core/portmanager.lua:177: in function 'prosody.core.portmanager.register_service'
	/usr/lib/prosody/core/portmanager.lua:276: in field '?'
	/usr/lib/prosody/util/events.lua:81: in function </usr/lib/prosody/util/events.lua:77>
	(...tail calls...)
	/usr/lib/prosody/core/moduleapi.lua:415: in function 'prosody.core.moduleapi.add_item'
	/usr/lib/prosody/core/moduleapi.lua:470: in function 'prosody.core.moduleapi.provides'
	/usr/lib/prosody/modules/mod_c2s.lua:509: in main chunk
	... (skipping 4 levels)
	/usr/lib/prosody/core/hostmanager.lua:108: in function 'prosody.core.hostmanager.activate'
	/usr/lib/prosody/core/hostmanager.lua:58: in field '?'
	/usr/lib/prosody/util/events.lua:81: in function </usr/lib/prosody/util/events.lua:77>
	(...tail calls...)
	/usr/lib/prosody/util/startup.lua:468: in field '?'
	/usr/lib/prosody/util/events.lua:81: in function </usr/lib/prosody/util/events.lua:77>
	(...tail calls...)
	/usr/lib/prosody/util/fsm.lua:25: in upvalue 'notify_transitioned'
	/usr/lib/prosody/util/fsm.lua:58: in method 'begin_startup'
	/usr/lib/prosody/util/startup.lua:494: in function 'prosody.util.startup.prepare_to_start'
	/usr/lib/prosody/util/startup.lua:953: in function 'prosody.util.startup.prosody'
	/usr/lib/prosody/util/async.lua:161: in function 'prosody.util.async.default_runner_func'
	/usr/lib/prosody/util/async.lua:149: in function </usr/lib/prosody/util/async.lua:147>
```
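The two configurations in this issue use different shapes for the same kind of option: `https_ssl` is a flat table of option names, while `c2s_direct_tls_ssl` is keyed by port number. The following is an added illustration, not Prosody's own code, of how the two shapes have to be told apart before a table is applied; the helper names (`is_per_port`, `select_ssl_config`, `check_option_names`) are hypothetical, and the sample tables are copied from the configurations above.

```lua
-- Added illustration (not Prosody's code): flat vs. per-port TLS option tables.
local flat_https = {                        -- shape of 'https_ssl' above
  key = "data/test.key";
  certificate = "data/test.crt";
}
local per_port_c2s = {                      -- shape of 'c2s_direct_tls_ssl' above
  [5223] = { key = "/etc/prosody/certs/example1.org.key";
             certificate = "/etc/prosody/certs/example1.org.crt"; };
  [5225] = { key = "/etc/prosody/certs/example2.org.key";
             certificate = "/etc/prosody/certs/example2.org.crt"; };
}

-- True when every key is a port number, i.e. the table is a per-port map.
local function is_per_port(opts)
  local seen = false
  for k in pairs(opts) do
    if type(k) ~= "number" then return false end
    seen = true
  end
  return seen
end

-- Return the option table that applies to one port, or nil when the
-- configuration says nothing about that port.
local function select_ssl_config(opts, port)
  if opts == nil then return nil end
  if is_per_port(opts) then return opts[port] end
  return opts                               -- a flat table applies to every port
end

-- Reject a table whose keys are not option names before applying it. A
-- numeric key reaching the apply step is consistent with the
-- "attempt to index a number value (local 'field')" traceback above.
local function check_option_names(opts)
  for field in pairs(opts) do
    if type(field) ~= "string" then
      return false, ("expected option name, got %s key %s"):format(type(field), tostring(field))
    end
  end
  return true
end

assert(select_ssl_config(flat_https, 5281).certificate == "data/test.crt")
assert(select_ssl_config(per_port_c2s, 5225).certificate == "/etc/prosody/certs/example2.org.crt")
assert(select_ssl_config(per_port_c2s, 5222) == nil)
assert(check_option_names(per_port_c2s) == false)  -- must select a port first
assert(check_option_names(select_ssl_config(per_port_c2s, 5223)))
```

Run with any Lua 5.x interpreter; the asserts pass when the per-port table is resolved to a single port before its option names are checked.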
This should be fixed with https://hg.prosody.im/trunk/rev/4ea7bd7325be in 13.0 and trunk.