From b3582e6bfae0558120ad3a65caa790490c707e08 Mon Sep 17 00:00:00 2001
From: John Livingston
Date: Wed, 31 May 2023 12:11:02 +0200
Subject: [PATCH] Fix missing self signed certificates is some conditions.
---
 CHANGELOG.md | 1 +
 server/lib/prosody/certificates.ts | 16 +++++++++++++++-
 server/lib/prosody/ctl.ts | 12 +++++++++++-
 3 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2b82daa4..bdb5790b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -27,6 +27,7 @@ TODO: for directS2S, needs a SRV records for the main host if port is not standa
 * Prosody AppImage: fix path mapping: we only map necessary /etc/ subdir, so that the AppImage can access to /etc/resolv.conf, /etc/hosts, ...
 * Prosody AppImage: hidden debug mode to disable lua-unbound, that seems broken in some docker dev environments.
 * Debug Mode: can change some parameters.
+* Fix use case where self-signed certificates are missing.
 ## 6.3.0
diff --git a/server/lib/prosody/certificates.ts b/server/lib/prosody/certificates.ts
index 95061d3a..0b3b8628 100644
--- a/server/lib/prosody/certificates.ts
+++ b/server/lib/prosody/certificates.ts
@@ -110,6 +110,19 @@ async function renewCheckSelfSigned (options: RegisterServerOptions, config: Pro
 await reloadProsody(options)
 }
+async function missingSelfSignedCertificates (options: RegisterServerOptions, config: ProsodyConfig): Promise {
+ if (config.certificates !== 'generate-self-signed') {
+ return false
+ }
+ const filepath = _filePathToTest(options, config)
+ if (!filepath) { return false }
+ if (fs.existsSync(filepath)) {
+ options.peertubeHelpers.logger.debug('Missing certificate file: ' + filepath)
+ return false
+ }
+ return true
+}
+
 async function renewCheckFromDir (options: RegisterServerOptions, config: ProsodyConfig): Promise {
 // We will browse all dir files, get the more recent file update time, and compare it to the previous call.
 const logger = options.peertubeHelpers.logger
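Review bot: In `missingSelfSignedCertificates`, the debug message 'Missing certificate file: ' is logged in the branch where `fs.existsSync(filepath)` is true, that is, when the certificate file is present, and nothing is logged on the path that returns `true`. The return values look right, but the log fires for the wrong case and will mislead anyone diagnosing a TLS start-up problem. Keep `if (fs.existsSync(filepath)) { return false }` and move `options.peertubeHelpers.logger.debug('Missing certificate file: ' + filepath)` to just before `return true`. The check covers existence only, so an empty or unreadable certificate file still counts as present; a short comment on the function stating that limit would help.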
@@ -149,5 +162,6 @@ function _filePathToTest (options: RegisterServerOptions, config: ProsodyConfig)
 export {
 ensureProsodyCertificates,
 startProsodyCertificatesRenewCheck,
- stopProsodyCertificatesRenewCheck
+ stopProsodyCertificatesRenewCheck,
+ missingSelfSignedCertificates
 }
diff --git a/server/lib/prosody/ctl.ts b/server/lib/prosody/ctl.ts
index 0b0b4582..4e57c8fc 100644
--- a/server/lib/prosody/ctl.ts
+++ b/server/lib/prosody/ctl.ts
@@ -2,7 +2,10 @@ import type { RegisterServerOptions } from '@peertube/peertube-types'
 import { getProsodyConfig, getProsodyFilePaths, writeProsodyConfig } from './config'
 import { startProsodyLogRotate, stopProsodyLogRotate } from './logrotate'
 import {
- ensureProsodyCertificates, startProsodyCertificatesRenewCheck, stopProsodyCertificatesRenewCheck
+ ensureProsodyCertificates,
+ startProsodyCertificatesRenewCheck,
+ stopProsodyCertificatesRenewCheck,
+ missingSelfSignedCertificates
 } from './certificates'
 import { disableProxyRoute, enableProxyRoute } from '../routers/webchat'
 import { fixRoomSubject } from './fix-room-subject'
@@ -268,6 +271,13 @@ async function testProsodyCorrectlyRunning (options: RegisterServerOptions): Pro
 result.messages.push('Prosody configuration file content is not correct.')
 return result
 }
+ if (!await missingSelfSignedCertificates(options, wantedConfig)) {
+ result.messages.push('No missing self signed certificates.')
+ } else {
+ result.messages.push('Missing self signed certificates.')
+ return result
+ }
 } catch (error) {
 result.messages.push('Error when requiring the prosody config file: ' + (error as string))
 return result
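Review bot: The new certificate check in `testProsodyCorrectlyRunning` sits inside the `try` whose `catch` reports 'Error when requiring the prosody config file: ', so an exception raised while checking certificates (whether `missingSelfSignedCertificates` can throw is not visible here) would be reported as a configuration-file problem. Consider running the check after the `try`/`catch`, or giving it its own error message. The 'Missing self signed certificates.' diagnostic would also be more useful if it named the file path that was tested. The function starts before this hunk and continues after it.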