mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-04 13:47:41 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

core.certmanager: Validate that 'tls_profile' is one of the valid values

Browse source 
A typo should not result in ending up with "legacy"
This commit is contained in:
Kim Alvefur 2023-10-27 19:03:59 +02:00
parent 4d9916d1e5
commit e8128c1d60
1 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
core/certmanager.lua
View file

@ -336,8 +336,11 @@ local function create_context(host, mode, ...)
password = function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end; password = function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end;
}); });
local profile = configmanager.get("*", "tls_profile") or "intermediate"; local profile = configmanager.get("*", "tls_profile") or "intermediate";
if profile ~= "legacy" then if mozilla_ssl_configs[profile] then
cfg:apply(mozilla_ssl_configs[profile]); cfg:apply(mozilla_ssl_configs[profile]);
elseif profile ~= "legacy" then
log("error", "Invalid value for 'tls_profile': expected one of \"modern\", \"intermediate\" (default), \"old\" or \"legacy\" but got %q", profile);
return nil, "Invalid configuration, 'tls_profile' had an unknown value.";
end end
cfg:apply(global_ssl_config); cfg:apply(global_ssl_config);