projects
/
prosody.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge 0.9->0.10
[prosody.git]
/
core
/
certmanager.lua
diff --git
a/core/certmanager.lua
b/core/certmanager.lua
index 3de3f7f7447c5311ee56c600cc6de3cae44bd924..b40c13c1c8951f906c353cef524cb50ca680cdab 100644
(file)
--- a/
core/certmanager.lua
+++ b/
core/certmanager.lua
@@
-38,11
+38,11
@@
local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)");
local luasec_version = luasec_major * 100 + luasec_minor;
local luasec_has = {
-- TODO If LuaSec ever starts exposing these things itself, use that instead
local luasec_version = luasec_major * 100 + luasec_minor;
local luasec_has = {
-- TODO If LuaSec ever starts exposing these things itself, use that instead
- cipher_server_preference =
true
;
+ cipher_server_preference =
luasec_version >= 2
;
no_ticket = luasec_version >= 4;
no_compression = luasec_version >= 5;
no_ticket = luasec_version >= 4;
no_compression = luasec_version >= 5;
- single_dh_use = luasec_version >=
5
;
- single_ecdh_use = luasec_version >=
5
;
+ single_dh_use = luasec_version >=
2
;
+ single_ecdh_use = luasec_version >=
2
;
};
module "certmanager"
};
module "certmanager"
@@
-53,6
+53,7
@@
local global_ssl_config = configmanager.get("*", "ssl");
-- Built-in defaults
local core_defaults = {
capath = "/etc/ssl/certs";
-- Built-in defaults
local core_defaults = {
capath = "/etc/ssl/certs";
+ depth = 9;
protocol = "tlsv1+";
verify = (ssl_x509 and { "peer", "client_once", }) or "none";
options = {
protocol = "tlsv1+";
verify = (ssl_x509 and { "peer", "client_once", }) or "none";
options = {
@@
-70,7
+71,7
@@
local path_options = { -- These we pass through resolve_path()
key = true, certificate = true, cafile = true, capath = true, dhparam = true
}
key = true, certificate = true, cafile = true, capath = true, dhparam = true
}
-if
not luasec_has_verifyext
and ssl_x509 then
+if
luasec_version < 5
and ssl_x509 then
-- COMPAT mw/luasec-hg
for i=1,#core_defaults.verifyext do -- Remove lsec_ prefix
core_defaults.verify[#core_defaults.verify+1] = core_defaults.verifyext[i]:sub(6);
-- COMPAT mw/luasec-hg
for i=1,#core_defaults.verifyext do -- Remove lsec_ prefix
core_defaults.verify[#core_defaults.verify+1] = core_defaults.verifyext[i]:sub(6);