certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph)

diff --git a/core/certmanager.lua b/core/certmanager.lua
index ced17e5862d86825751fc87003c91610e0ad9165..74da771e619add5637d5a7f539b8ce96cc3ccdc0 100644 (file)
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -16,6 +16,7 @@ local pairs = pairs;
 local type = type;
 local io_open = io.open;
 local t_concat = table.concat;
+local t_insert = table.insert;
 
 local prosody = prosody;
 local resolve_path = configmanager.resolve_relative_path;
@@ -100,14 +101,6 @@ function create_context(host, mode, user_ssl_config)
                end
        end
 
-       local min_protocol = protocols[user_ssl_config.protocol];
-       if min_protocol then
-               user_ssl_config.protocol = "sslv23";
-               for i = min_protocol, 1, -1 do
-                       user_ssl_config.options["no_"..protocols[i]] = true;
-               end
-       end
-
        for option in pairs(set_options) do
                local merged = {};
                merge_set(core_defaults[option], merged);
@@ -124,6 +117,14 @@ function create_context(host, mode, user_ssl_config)
                user_ssl_config[option] = final_array;
        end
 
+       local min_protocol = protocols[user_ssl_config.protocol];
+       if min_protocol then
+               user_ssl_config.protocol = "sslv23";
+               for i = 1, min_protocol do
+                       t_insert(user_ssl_config.options, "no_"..protocols[i]);
+               end
+       end
+
        -- We can't read the password interactively when daemonized
        user_ssl_config.password = user_ssl_config.password or
                function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end;