~samwhited/xmpp

64c9c795771af3282e55dda097864f5af0177989 — Sam Whited a month ago ad83ceb
internal/integration/prosody: trust all certs

Adds an option to trust all client certs presented to prosody so that
our self-signed certs will be accepted.
The option works by using the new modules option and the TempFile option
to write out a small lua plugin to do the job.
This opens up a lot more flexibility for customization of prosody, but
also makes it possible that we customize prosody too much and lose the
integrity of our tests, so we should use this approach with caution.

Signed-off-by: Sam Whited <sam@samwhited.com>
1 files changed, 25 insertions(+), 0 deletions(-)

M internal/integration/prosody/prosody.go
M internal/integration/prosody/prosody.go => internal/integration/prosody/prosody.go +25 -0
@@ 176,6 176,31 @@ func Modules(mod ...string) integration.Option {
	}
}

// TrustAll configures prosody to trust all certificates presented to it without
// any verification.
func TrustAll() integration.Option {
	const modName = "trustall"
	return func(cmd *integration.Cmd) error {
		err := Modules(modName)(cmd)
		if err != nil {
			return err
		}
		return integration.TempFile("mod_"+modName+".lua", func(_ *integration.Cmd, w io.Writer) error {
			_, err := io.WriteString(w, `
module:set_global();

module:hook("s2s-check-certificate", function(event)
	local session = event.session;
	module:log("info", "implicitly trusting presented certificate");
	session.cert_chain_status = "valid";
	session.cert_identity_status = "valid";
	return true;
end);`)
			return err
		})(cmd)
	}
}

func defaultConfig(cmd *integration.Cmd) error {
	for _, arg := range cmd.Cmd.Args {
		if arg == configFlag {