prosody
1b0ac7950129
core/certmanager.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

core/certmanager.lua @ 5895:1b0ac7950129

certmanager: Disable SSLv3 by default
author Kim Alvefur <zash@zash.se>
date Thu, 31 Oct 2013 19:00:36 +0100
parent 5820:6bc4077bc1f9
child 5896:019130907a07
child 5901:1d13f73af58e
comparison
equal deleted inserted replaced
5864:22b1d18eb919 5895:1b0ac7950129
31 31
32 -- Global SSL options if not overridden per-host 32 -- Global SSL options if not overridden per-host
33 local default_ssl_config = configmanager.get("*", "ssl"); 33 local default_ssl_config = configmanager.get("*", "ssl");
34 local default_capath = "/etc/ssl/certs"; 34 local default_capath = "/etc/ssl/certs";
35 local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none"; 35 local default_verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
36 local default_options = { "no_sslv2", luasec_has_noticket and "no_ticket" or nil }; 36 local default_options = { "no_sslv2", "no_sslv3", luasec_has_noticket and "no_ticket" or nil };
37 local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" }; 37 local default_verifyext = { "lsec_continue", "lsec_ignore_purpose" };
38 38
39 if ssl and not luasec_has_verifyext and ssl.x509 then 39 if ssl and not luasec_has_verifyext and ssl.x509 then
40 -- COMPAT mw/luasec-hg 40 -- COMPAT mw/luasec-hg
41 for i=1,#default_verifyext do -- Remove lsec_ prefix 41 for i=1,#default_verifyext do -- Remove lsec_ prefix