
core/certmanager.lua @ 5621:63cfd59999b6

certmanager: Disable SSL compression if possible (LuaSec 0.5 or 0.4.1+OpenSSL 1.x)
author Matthew Wild <mwild1@gmail.com>
date Wed, 22 May 2013 14:32:02 +0100
parent 5377:898454038524
child 5656:576488cffc3a
child 5673:9ca4d1ada906
5598:3bb8aefd8ce0 5621:63cfd59999b6
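--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -15,15 +15,16 @@
 
 local prosody = prosody;
 local resolve_path = configmanager.resolve_relative_path;
 local config_path = prosody.paths.config;
 
-local luasec_has_noticket, luasec_has_verifyext;
+local luasec_has_noticket, luasec_has_verifyext, luasec_has_no_compression;
 if ssl then
 local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)");
 luasec_has_noticket = tonumber(luasec_major)>0 or tonumber(luasec_minor)>=4;
 luasec_has_verifyext = tonumber(luasec_major)>0 or tonumber(luasec_minor)>=5;
+luasec_has_no_compression = tonumber(luasec_major)>0 or tonumber(luasec_minor)>=5;
 end
 
 module "certmanager"
 
 -- Global SSL options if not overridden per-host
@@ -36,10 +37,13 @@
 if ssl and not luasec_has_verifyext and ssl.x509 then
 -- COMPAT mw/luasec-hg
 for i=1,#default_verifyext do -- Remove lsec_ prefix
 default_verify[#default_verify+1] = default_verifyext[i]:sub(6);
 end
+end
+if luasec_has_no_compression and configmanager.get("*", "ssl_compression") ~= true then
+default_options[#default_options+1] = "no_compression";
 end
 
 function create_context(host, mode, user_ssl_config)
 user_ssl_config = user_ssl_config or default_ssl_config;
 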
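Review bot: The new flag `luasec_has_no_compression` is true only for LuaSec 0.5 or later, because the version pattern captures just major and minor, so the "0.4.1+OpenSSL 1.x" case named in the commit title is not detected and `no_compression` is silently left out there. Nothing is reported when the option cannot be applied, so an operator gets no signal that TLS compression, the precondition for CRIME-style length side channels, is still enabled; if a logger is in scope in this file, an `else` branch that warns once at load would cover that. As far as the visible lines show, `ssl_compression` is read only from the global `"*"` section and only when the module loads, which deserves a comment such as `-- ssl_compression is global-only and read once at load; set it to true to re-enable TLS compression`. The new `if` runs at file scope, and the definition of `default_options` is outside the visible lines.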