#1019 Automatic certificate discovery breaks when service name contains underscore
Reporter: mancho
Owner: Zash
Stars: ★★ (2)
Tags: Type-Defect, Status-Fixed, Priority-Medium, Milestone-0.10
mancho
on
What steps will reproduce the problem?
1. Activate legacy_ssl (i.e. add legacy_ssl_ports = { <port_number> } to config) without manually specifying the location of the certificate/key
2. Have legacy_ssl.crt and legacy_ssl.key in the global certificates directory (e.g. under /etc/prosody/certs)
3. (Re)Start Prosody
What is the expected output?
portmanager debug No active service for legacy_ssl, activating...
certmanager debug Searching /etc/prosody/certs for a key and certificate for legacy_ssl...
certmanager debug Selecting certificate /etc/prosody/certs/legacy_ssl.crt with key /etc/prosody/certs/legacy_ssl.key for legacy_ssl
What do you see instead?
portmanager debug No active service for legacy_ssl, activating...
certmanager debug Searching /etc/prosody/certs for a key and certificate for legacy_ssl port <port_number>...
certmanager debug No certificate/key found for legacy_ssl port <port_number>
portmanager error Error binding encrypted port for legacy_ssl: No key present in SSL/TLS configuration for legacy_ssl port <port_number>
certmanager debug Searching /etc/prosody/certs for a key and certificate for legacy_ssl port <port_number>...
certmanager debug No certificate/key found for legacy_ssl port <port_number>
portmanager error Error binding encrypted port for legacy_ssl: No key present in SSL/TLS configuration for legacy_ssl port <port_number>
What version of the product are you using? On what operating system?
Prosody 0.10.0 on Ubuntu 16.04.3 LTS
Lua 5.1
lfs: LuaFileSystem 1.6.3
libevent: 2.0.21-stable
luaevent: 0.4.4
lxp: LuaExpat 1.3.0
socket: LuaSocket 3.0-rc1
ssl: 0.5.1
Please provide any additional information below.
Workaround: rename the certificate/key files to "legacy_ssl port <port_number>.crt"/"legacy_ssl port <port_number>.key"
The bug is located in core/certmanager.lua, line 141. The pattern used in create_context() to extract the service name and port out of host requires the service name to contain only alphanumeric characters (%w).
Changing the pattern from "^(%w+) port (%d+)$" to "^([%w_]+) port (%d+)$" solves this specific issue, but others may arise with more uncommon service names.
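Added example (not part of the original report and not Prosody's own code): the two patterns quoted above, run against constructed service strings to show which certificate file name each one would lead to. The helper lookup_name, the PERMISSIVE pattern, the "my-service" name and the port numbers are assumptions made for illustration.

```lua
-- Added illustration only; this is not code from core/certmanager.lua.
local patterns = {
	{ "ORIGINAL",   "^(%w+) port (%d+)$" },     -- pattern quoted in the report
	{ "PROPOSED",   "^([%w_]+) port (%d+)$" },  -- reporter's suggested change
	{ "PERMISSIVE", "^(%S+) port (%d+)$" },     -- assumption: any non-space name
}

-- Hypothetical helper: returns the name a certificate search would use.
-- When the pattern does not match, the whole string is used as the name,
-- which is the behaviour visible in the "What do you see instead?" log.
local function lookup_name(host, pattern)
	local service, port = host:match(pattern)
	if service then
		return service, tonumber(port)
	end
	return host, nil
end

-- Constructed inputs; the port numbers are arbitrary samples.
local samples = {
	"https port 5281",
	"legacy_ssl port 5223",
	"my-service port 1234", -- hypothetical name containing a hyphen
	"example.com",          -- plain host name, not a service entry
}

-- Builds one report line per sample for the given pattern.
local function report(pattern)
	local lines = {}
	for _, host in ipairs(samples) do
		local name, port = lookup_name(host, pattern)
		lines[#lines + 1] = ("  %-22s -> %s.crt (port %s)"):format(
			host, name, port and tostring(port) or "not parsed")
	end
	return lines
end

for _, entry in ipairs(patterns) do
	print(entry[1] .. "  " .. entry[2])
	print(table.concat(report(entry[2]), "\n"))
end
```

Any row where the full "<name> port <n>" string appears before ".crt" is a case where the search would miss a file named after the service alone.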
Oli
on
I can confirm this problem. Prosody 0.10.0-r2 on Alpine Linux 3.7.
Workaround:
legacy_ssl_ssl = {
    key = "/path/to/certificate.key";
    certificate = "/path/to/certificate.crt";
}
Fixed in https://hg.prosody.im/0.10/rev/1a29b56a2d63