prosody
05c0ac580552
core/certmanager.lua
Software / code / prosody
Comparison
core/certmanager.lua @ 13303:05c0ac580552
core.certmanager: Handle dane context setting same way on reload as on initialization
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 04 Nov 2023 15:59:51 +0100 |
| parent | 13294:4a05fbda927f |
| child | 13503:8b68e8faab52 |
comparison
equal
deleted
inserted
replaced
| 13302:30b7cd40ee14 | 13303:05c0ac580552 |
|---|---|
| 367 global_ssl_config = configmanager.get("*", "ssl"); | 367 global_ssl_config = configmanager.get("*", "ssl"); |
| 368 global_certificates = configmanager.get("*", "certificates") or "certs"; | 368 global_certificates = configmanager.get("*", "certificates") or "certs"; |
| 369 if tls.features.options.no_compression then | 369 if tls.features.options.no_compression then |
| 370 core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true; | 370 core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true; |
| 371 end | 371 end |
| 372 core_defaults.dane = configmanager.get("*", "use_dane") or false; | 372 if not configmanager.get("*", "use_dane") then |
| 373 core_defaults.dane = false; | |
| 374 elseif tls.features.capabilities.dane then | |
| 375 core_defaults.dane = { "no_ee_namechecks" }; | |
| 376 else | |
| 377 core_defaults.dane = true; | |
| 378 end | |
| 373 cert_index = index_certs(resolve_path(config_path, global_certificates)); | 379 cert_index = index_certs(resolve_path(config_path, global_certificates)); |
| 374 end | 380 end |
| 375 | 381 |
| 376 prosody.events.add_handler("config-reloaded", reload_ssl_config); | 382 prosody.events.add_handler("config-reloaded", reload_ssl_config); |
| 377 | 383 |
