mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-04 05:37:39 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

core.certmanager: Handle dane context setting same way on reload as on initialization

Browse source
This commit is contained in:
Kim Alvefur 2023-11-04 15:59:51 +01:00
parent 717ea33160
commit 7b6a2f64e2
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
core/certmanager.lua
View file

@ -369,7 +369,13 @@ local function reload_ssl_config()
if tls.features.options.no_compression then
core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true;
end
core_defaults.dane = configmanager.get("*", "use_dane") or false;
if not configmanager.get("*", "use_dane") then
core_defaults.dane = false;
elseif tls.features.capabilities.dane then
core_defaults.dane = { "no_ee_namechecks" };
else
core_defaults.dane = true;
end
cert_index = index_certs(resolve_path(config_path, global_certificates));
end