Comparison

core/certmanager.lua @ 11549:5a484bd050a7 0.11

core.certmanager: Test for SSL options in absence of LuaSec config
author Kim Alvefur <zash@zash.se>
date Mon, 26 Apr 2021 15:32:05 +0200
parent 11548:55ef50d6cf65
child 11551:aaf9c6b6d18d
comparison
equal deleted inserted replaced
11548:55ef50d6cf65 11549:5a484bd050a7
34 34
35 local prosody = prosody; 35 local prosody = prosody;
36 local resolve_path = require"util.paths".resolve_relative_path; 36 local resolve_path = require"util.paths".resolve_relative_path;
37 local config_path = prosody.paths.config or "."; 37 local config_path = prosody.paths.config or ".";
38 38
39 local function test_option(option)
40 return not not ssl_newcontext({mode="server",protocol="sslv23",options={ option }});
41 end
42
39 local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)"); 43 local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)");
40 local luasec_version = tonumber(luasec_major) * 100 + tonumber(luasec_minor); 44 local luasec_version = tonumber(luasec_major) * 100 + tonumber(luasec_minor);
41 local luasec_has = ssl.config or softreq"ssl.config" or { 45 local luasec_has = ssl.config or softreq"ssl.config" or {
42 algorithms = { 46 algorithms = {
43 ec = luasec_version >= 5; 47 ec = luasec_version >= 5;
44 }; 48 };
45 capabilities = { 49 capabilities = {
46 curves_list = luasec_version >= 7; 50 curves_list = luasec_version >= 7;
47 }; 51 };
48 options = { 52 options = {
49 cipher_server_preference = luasec_version >= 2; 53 cipher_server_preference = test_option("cipher_server_preference");
50 no_ticket = luasec_version >= 4; 54 no_ticket = test_option("no_ticket");
51 no_compression = luasec_version >= 5; 55 no_compression = test_option("no_compression");
52 single_dh_use = luasec_version >= 2; 56 single_dh_use = test_option("single_dh_use");
53 single_ecdh_use = luasec_version >= 2; 57 single_ecdh_use = test_option("single_ecdh_use");
54 }; 58 };
55 }; 59 };
56 60
57 local _ENV = nil; 61 local _ENV = nil;
58 -- luacheck: std none 62 -- luacheck: std none