projects / prosody.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: 006a8cc 6d960d7)
Merge 0.9->0.10
authorMatthew Wild <mwild1@gmail.com>
Sat, 9 Nov 2013 18:36:32 +0000 (18:36 +0000)
committerMatthew Wild <mwild1@gmail.com>
Sat, 9 Nov 2013 18:36:32 +0000 (18:36 +0000)
1  2 
core/certmanager.lua patch | diff1 | diff2 | blob | history

diff --cc core/certmanager.lua
index 0503f40e903efe82edf28a386c3e52ac337d92ec,dc22bb46ff54b8413cbef706cf0260dcc10e4c71..d9d722f3b74f1e0855a49db9cad254251707af52
--- 1/core/certmanager.lua
--- 2/core/certmanager.lua
+++ b/core/certmanager.lua
@@@ -30,11 -31,20 +31,20 @@@ en
  module "certmanager"
  
  -- Global SSL options if not overridden per-host
- local default_ssl_config = configmanager.get("*", "ssl");
- local default_capath = "/etc/ssl/certs";
- local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
- local default_options = { "no_sslv2", "no_sslv3", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil };
- local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" };
+ local global_ssl_config = configmanager.get("*", "ssl");
+ local core_defaults = {
+       capath = "/etc/ssl/certs";
+       protocol = "sslv23";
+       verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
 -      options = { "no_sslv2", "no_sslv3", luasec_has_noticket and "no_ticket" or nil };
++      options = { "no_sslv2", "no_sslv3", "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil };
+       verifyext = { "lsec_continue", "lsec_ignore_purpose" };
+       curve = "secp384r1";
+       ciphers = "HIGH:!DSS:!aNULL@STRENGTH";
+ }
+ local path_options = { -- These we pass through resolve_path()
+       key = true, certificate = true, cafile = true, capath = true, dhparam = true
+ }
  
  if ssl and not luasec_has_verifyext and ssl.x509 then
        -- COMPAT mw/luasec-hg