Merge 0.9 -> 0.10

author Kim Alvefur <zash@zash.se>

Thu, 31 Oct 2013 19:47:57 +0000 (20:47 +0100)

committer Kim Alvefur <zash@zash.se>

Thu, 31 Oct 2013 19:47:57 +0000 (20:47 +0100)
author Kim Alvefur <zash@zash.se>
Thu, 31 Oct 2013 19:47:57 +0000 (20:47 +0100)
committer Kim Alvefur <zash@zash.se>
Thu, 31 Oct 2013 19:47:57 +0000 (20:47 +0100)
diff --cc core/certmanager.lua

index e803058161c59a49cab3c06afafa649445175d73,e820c91427ffcb5816acd923c041b3b3afa72be2..dc22bb46ff54b8413cbef706cf0260dcc10e4c71
--- 1/core/certmanager.lua
--- 2/core/certmanager.lua
+++ b/core/certmanager.lua
@@@ -31,20 -30,11 +31,20 @@@ en
   module "certmanager"
   
   -- Global SSL options if not overridden per-host
- -local default_ssl_config = configmanager.get("*", "ssl");
- -local default_capath = "/etc/ssl/certs";
- -local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
- -local default_options = { "no_sslv2", "no_sslv3", luasec_has_noticket and "no_ticket" or nil };
- -local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" };
+ +local global_ssl_config = configmanager.get("*", "ssl");
+ +
+ +local core_defaults = {
+ +      capath = "/etc/ssl/certs";
+ +      protocol = "sslv23";
+ +      verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
-       options = { "no_sslv2", luasec_has_noticket and "no_ticket" or nil };
++      options = { "no_sslv2", "no_sslv3", luasec_has_noticket and "no_ticket" or nil };
+ +      verifyext = { "lsec_continue", "lsec_ignore_purpose" };
+ +      curve = "secp384r1";
+ +      ciphers = "HIGH:!DSS:!aNULL@STRENGTH";
+ +}
+ +local path_options = { -- These we pass through resolve_path()
+ +      key = true, certificate = true, cafile = true, capath = true, dhparam = true
+ +}
   
   if ssl and not luasec_has_verifyext and ssl.x509 then
         -- COMPAT mw/luasec-hg
author	Kim Alvefur <zash@zash.se>
	Thu, 31 Oct 2013 19:47:57 +0000 (20:47 +0100)
committer	Kim Alvefur <zash@zash.se>
	Thu, 31 Oct 2013 19:47:57 +0000 (20:47 +0100)