core/certmanager.lua @ 11709:5810166f35d5
core.certmanager: Support 'use_dane' setting to enable DANE support
Removes the need to enable DANE with two separate settings.
Previously you had to also set `ssl = { dane = true }` to activate DANE
support in LuaSec and OpenSSL.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 18 Jul 2021 22:46:57 +0200 |
parent | 11591:e7a964572f6b |
child | 12096:dfb29b5b0a57 |
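--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -242,10 +242,11 @@
 "!PSK", -- Pre-Shared Key - not used for XMPP
 "!SRP", -- Secure Remote Password - not used for XMPP
 "!3DES", -- 3DES - slow and of questionable security
 "!aNULL", -- Ciphers that does not authenticate the connection
 };
+dane = configmanager.get("*", "use_dane");
 }
 
 if luasec_has.curves then
 for i = #core_defaults.curveslist, 1, -1 do
 if not luasec_has.curves[ core_defaults.curveslist[i] ] then
@@ -358,10 +359,11 @@
 global_ssl_config = configmanager.get("*", "ssl");
 global_certificates = configmanager.get("*", "certificates") or "certs";
 if luasec_has.options.no_compression then
 core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true;
 end
+core_defaults.dane = configmanager.get("*", "use_dane") or false;
 cert_index = index_certs(resolve_path(config_path, global_certificates));
 end
 
 prosody.events.add_handler("config-reloaded", reload_ssl_config);
 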
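Review bot: The two new `use_dane` reads disagree on the unset case: the table-constructor entry at new line 247 leaves `dane` as nil, while the reload path at new line 364 coerces it to `false`. Writing the first as `dane = configmanager.get("*", "use_dane") or false;` would keep the initial and reloaded defaults identical. Unlike the `luasec_has.curves` and `luasec_has.options.no_compression` branches visible here, the DANE flag is set without any capability check. On a LuaSec build without DANE support, an operator could therefore believe `use_dane = true` is in effect when it is not; whether that case is ignored or raises an error is not visible in these hunks, so a logged warning there would make the failure visible. Both hunks sit inside blocks that begin and end outside the shown lines.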