Merge 0.9->trunk

author Matthew Wild <mwild1@gmail.com>

Sat, 13 Jul 2013 12:17:53 +0000 (13:17 +0100)

committer Matthew Wild <mwild1@gmail.com>

Sat, 13 Jul 2013 12:17:53 +0000 (13:17 +0100)
author Matthew Wild <mwild1@gmail.com>
Sat, 13 Jul 2013 12:17:53 +0000 (13:17 +0100)
committer Matthew Wild <mwild1@gmail.com>
Sat, 13 Jul 2013 12:17:53 +0000 (13:17 +0100)
diff --cc core/certmanager.lua

index 5dee58765bcbf72a81a0fe74c3d2b8a6166bb677,92b63ec3596335880abca2e7561b916926d1e355..dc08cb78456e7a246d0e8fa6f072b72a8c739890
--- 1/core/certmanager.lua
--- 2/core/certmanager.lua
+++ b/core/certmanager.lua
@@@ -28,11 -29,19 +29,20 @@@ en
   module "certmanager"
   
   -- Global SSL options if not overridden per-host
- local default_ssl_config = configmanager.get("*", "ssl");
- local default_capath = "/etc/ssl/certs";
- local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
- local default_options = { "no_sslv2", luasec_has_noticket and "no_ticket" or nil };
- local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" };
+ local global_ssl_config = configmanager.get("*", "ssl");
+ 
+ local core_defaults = {
+       capath = "/etc/ssl/certs";
+       protocol = "sslv23";
+       verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
+       options = { "no_sslv2", luasec_has_noticket and "no_ticket" or nil };
+       verifyext = { "lsec_continue", "lsec_ignore_purpose" };
+       curve = "secp384r1";
++      ciphers = "HIGH:!DSS:!aNULL@STRENGTH";
+ }
+ local path_options = { -- These we pass through resolve_path()
+       key = true, certificate = true, cafile = true, capath = true
+ }
   
   if ssl and not luasec_has_verifyext and ssl.x509 then
         -- COMPAT mw/luasec-hg
author	Matthew Wild <mwild1@gmail.com>
	Sat, 13 Jul 2013 12:17:53 +0000 (13:17 +0100)
committer	Matthew Wild <mwild1@gmail.com>
	Sat, 13 Jul 2013 12:17:53 +0000 (13:17 +0100)