1195 end |
1195 end |
1196 if not what or what == "certs" then |
1196 if not what or what == "certs" then |
1197 local cert_ok; |
1197 local cert_ok; |
1198 print"Checking certificates..." |
1198 print"Checking certificates..." |
1199 local x509_verify_identity = require"util.x509".verify_identity; |
1199 local x509_verify_identity = require"util.x509".verify_identity; |
|
1200 local create_context = require "core.certmanager".create_context; |
1200 local ssl = dependencies.softreq"ssl"; |
1201 local ssl = dependencies.softreq"ssl"; |
1201 -- local datetime_parse = require"util.datetime".parse_x509; |
1202 -- local datetime_parse = require"util.datetime".parse_x509; |
1202 local load_cert = ssl and ssl.loadcertificate; |
1203 local load_cert = ssl and ssl.loadcertificate; |
1203 -- or ssl.cert_from_pem |
1204 -- or ssl.cert_from_pem |
1204 if not ssl then |
1205 if not ssl then |
1209 cert_ok = false |
1210 cert_ok = false |
1210 else |
1211 else |
1211 for host in enabled_hosts() do |
1212 for host in enabled_hosts() do |
1212 print("Checking certificate for "..host); |
1213 print("Checking certificate for "..host); |
1213 -- First, let's find out what certificate this host uses. |
1214 -- First, let's find out what certificate this host uses. |
1214 local ssl_config = config.rawget(host, "ssl"); |
1215 local host_ssl_config = config.rawget(host, "ssl") |
1215 if not ssl_config then |
1216 or config.rawget(host:match("%.(.*)"), "ssl"); |
1216 local base_host = host:match("%.(.*)"); |
1217 local global_ssl_config = config.rawget("*", "ssl"); |
1217 ssl_config = config.get(base_host, "ssl"); |
1218 local ok, err, ssl_config = create_context(host, "server", host_ssl_config, global_ssl_config); |
1218 end |
1219 if not ok then |
1219 if not ssl_config then |
1220 print(" Error: "..err); |
1220 print(" No 'ssl' option defined for "..host) |
|
1221 cert_ok = false |
1221 cert_ok = false |
1222 elseif not ssl_config.certificate then |
1222 elseif not ssl_config.certificate then |
1223 print(" No 'certificate' set in ssl option for "..host) |
1223 print(" No 'certificate' set in ssl option for "..host) |
1224 cert_ok = false |
1224 cert_ok = false |
1225 elseif not ssl_config.key then |
1225 elseif not ssl_config.key then |