prosody
61da4491eebc
net/tls_luasec.lua
Software / code / prosody
Comparison
net/tls_luasec.lua @ 13502:61da4491eebc
util.sslconfig: Support DH parameters as literal string
Simplifies shipping well-known DH parameters in the config
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 12 Jul 2024 15:21:08 +0200 |
| parent | 13116:58e793288d9c |
comparison
equal
deleted
inserted
replaced
| 13501:05f028de4c45 | 13502:61da4491eebc |
|---|---|
| 52 | 52 |
| 53 local function new_context(cfg, builder) | 53 local function new_context(cfg, builder) |
| 54 -- LuaSec expects dhparam to be a callback that takes two arguments. | 54 -- LuaSec expects dhparam to be a callback that takes two arguments. |
| 55 -- We ignore those because it is mostly used for having a separate | 55 -- We ignore those because it is mostly used for having a separate |
| 56 -- set of params for EXPORT ciphers, which we don't have by default. | 56 -- set of params for EXPORT ciphers, which we don't have by default. |
| 57 if type(cfg.dhparam) == "string" then | 57 if type(cfg.dhparam) == "string" and cfg.dhparam:sub(1, 10) == "-----BEGIN" then |
| 58 local dhparam = cfg.dhparam; | |
| 59 cfg.dhparam = function() return dhparam; end | |
| 60 elseif type(cfg.dhparam) == "string" then | |
| 58 local f, err = io_open(cfg.dhparam); | 61 local f, err = io_open(cfg.dhparam); |
| 59 if not f then return nil, "Could not open DH parameters: "..err end | 62 if not f then return nil, "Could not open DH parameters: "..err end |
| 60 local dhparam = f:read("*a"); | 63 local dhparam = f:read("*a"); |
| 61 f:close(); | 64 f:close(); |
| 62 cfg.dhparam = function() return dhparam; end | 65 cfg.dhparam = function() return dhparam; end |
