mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-04 05:37:39 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

core.certmanager: Support 'use_dane' setting to enable DANE support

Browse source 
Removes the need to enable DANE with two separate settings.
Previously you had to also set `ssl = { dane = true }` to activate DANE
support in LuaSec and OpenSSL.
This commit is contained in:
Kim Alvefur 2021-07-18 22:46:57 +02:00
parent 360eda6cd3
commit 4d26d4cb15
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
core/certmanager.lua
View file

@ -244,6 +244,7 @@ local core_defaults = {
"!3DES", -- 3DES - slow and of questionable security
"!aNULL", -- Ciphers that does not authenticate the connection
};
dane = configmanager.get("*", "use_dane");
}
if luasec_has.curves then
@ -360,6 +361,7 @@ local function reload_ssl_config()
if luasec_has.options.no_compression then
core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true;
end
core_defaults.dane = configmanager.get("*", "use_dane") or false;
cert_index = index_certs(resolve_path(config_path, global_certificates));
end