#1915 Prosody 13.0 does not honour per-host 'ssl' options on direct TLS ports

Reporter MattJ
Owner MattJ
Tags
  • Priority-Medium
  • Status-Fixed
  • Type-Defect
  • Milestone-13.0
  1. MattJ on

    Prosody 13.0 unexpectedly changes the behaviour of manual certificate configuration (i.e. 'ssl' and '*_ssl' options such as 'https_ssl') for "direct TLS" ports, including HTTPS. Instead, Prosody always uses automatic certificate selection for these services, unless it finds manual configuration options in the global scope.

    ```
    VirtualHost "localhost"
    modules_enabled = { "http" }

    -- Configure some non-default certificate for HTTPS
    https_ssl = {
        key = "data/test.key";
        certificate = "data/test.crt";
    }
    ```

    In Prosody 0.12, the 'test.crt' certificate can be observed on port 5281, but in 13.0 the default localhost cert is presented instead.

  2. MattJ on

    This should be fixed with https://hg.prosody.im/trunk/rev/4ea7bd7325be in 13.0 and trunk.

    Changes
    • tags Status-Fixed
    • owner MattJ
  3. citronalco on

    Unfortunately it still (Prosody 13.0.1) does not work when having more than a single domain/port:

    ```
    c2s_direct_tls_ports = { 5223, 5225 };
    c2s_direct_tls_ssl = {
        [5223] = {
            key = "/etc/prosody/certs/example1.org.key";
            certificate = "/etc/prosody/certs/example1.org.crt";
        };
        [5225] = {
            key = "/etc/prosody/certs/example2.org.key";
            certificate = "/etc/prosody/certs/example2.org.crt";
        };
    }
    ```

    Same with "s2s_direct_tls..."

    Error log:

    ```
    modulemanager error Error initializing module 'c2s' on 'jabber.geierb.de': /usr/lib/prosody/util/sslconfig.lua:123: attempt to index a number value (local 'field')
    stack traceback:
        /usr/lib/prosody/util/sslconfig.lua:123: in function 'prosody.util.sslconfig.apply'
        /usr/lib/prosody/core/certmanager.lua:334: in function 'prosody.core.certmanager.create_context'
        /usr/lib/prosody/core/portmanager.lua:69: in upvalue 'get_port_ssl_ctx'
        /usr/lib/prosody/core/portmanager.lua:125: in function 'prosody.core.portmanager.activate'
        /usr/lib/prosody/core/portmanager.lua:177: in function 'prosody.core.portmanager.register_service'
        /usr/lib/prosody/core/portmanager.lua:276: in field '?'
        /usr/lib/prosody/util/events.lua:81: in function </usr/lib/prosody/util/events.lua:77>
        (...tail calls...)
        /usr/lib/prosody/core/moduleapi.lua:415: in function 'prosody.core.moduleapi.add_item'
        /usr/lib/prosody/core/moduleapi.lua:470: in function 'prosody.core.moduleapi.provides'
        /usr/lib/prosody/modules/mod_c2s.lua:509: in main chunk
        ... (skipping 4 levels)
        /usr/lib/prosody/core/hostmanager.lua:108: in function 'prosody.core.hostmanager.activate'
        /usr/lib/prosody/core/hostmanager.lua:58: in field '?'
        /usr/lib/prosody/util/events.lua:81: in function </usr/lib/prosody/util/events.lua:77>
        (...tail calls...)
        /usr/lib/prosody/util/startup.lua:468: in field '?'
        /usr/lib/prosody/util/events.lua:81: in function </usr/lib/prosody/util/events.lua:77>
        (...tail calls...)
        /usr/lib/prosody/util/fsm.lua:25: in upvalue 'notify_transitioned'
        /usr/lib/prosody/util/fsm.lua:58: in method 'begin_startup'
        /usr/lib/prosody/util/startup.lua:494: in function 'prosody.util.startup.prepare_to_start'
        /usr/lib/prosody/util/startup.lua:953: in function 'prosody.util.startup.prosody'
        /usr/lib/prosody/util/async.lua:161: in function 'prosody.util.async.default_runner_func'
        /usr/lib/prosody/util/async.lua:149: in function </usr/lib/prosody/util/async.lua:147>
    ```
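
A way to confirm which certificate a direct TLS port actually presents, such as the port 5281 case in the first comment. This is an added example, not code from the issue or from Prosody; the function names, the 127.0.0.1 address and the "localhost" SNI name are assumptions.

```python
import hashlib
import socket
import ssl

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def leaf_der_from_pem(pem_text):
    """DER bytes of the first certificate in a PEM file.

    The first certificate block is the leaf, even when the file holds a
    full chain or has a private key block ahead of it."""
    start = pem_text.index(PEM_BEGIN)
    end = pem_text.index(PEM_END, start) + len(PEM_END)
    return ssl.PEM_cert_to_DER_cert(pem_text[start:end])


def served_der(host, port, sni, timeout=5.0):
    """DER bytes of the certificate presented on a direct TLS port.

    Verification is off on purpose: the goal is to fingerprint whatever
    is served (self-signed test certificates included), not to trust it.
    SNI is sent explicitly because automatic selection depends on it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert(binary_form=True)


def compare(served, configured_pem):
    """Compare SHA-256 fingerprints of the served and configured leaf."""
    got = hashlib.sha256(served).hexdigest()
    want = hashlib.sha256(leaf_der_from_pem(configured_pem)).hexdigest()
    return {"match": got == want, "served": got, "configured": want}


if __name__ == "__main__":
    # Port and certificate path come from the first comment; the address
    # and SNI name are assumptions for a local test instance.
    with open("data/test.crt") as f:
        result = compare(served_der("127.0.0.1", 5281, "localhost"), f.read())
    print("OK" if result["match"] else "MISMATCH", result)
```

A mismatch on a port with a per-host `*_ssl` option set is the symptom described in this issue.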
