prosody
6ea3cafb6ac3
core/certmanager.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

core/certmanager.lua @ 9852:6ea3cafb6ac3

core.certmanager: Do not ask for client certificates by default Since it's mostly only mod_s2s that needs to request client certificates it makes some sense to have mod_s2s ask for this, instead of having eg mod_http ask to disable it.
author Kim Alvefur <zash@zash.se>
date Sun, 10 Mar 2019 19:58:28 +0100
parent 8828:2a0d7fa4c56a
child 10224:94e341dee51c
comparison
equal deleted inserted replaced
9851:75d2874502c3 9852:6ea3cafb6ac3
104 -- Built-in defaults 104 -- Built-in defaults
105 local core_defaults = { 105 local core_defaults = {
106 capath = "/etc/ssl/certs"; 106 capath = "/etc/ssl/certs";
107 depth = 9; 107 depth = 9;
108 protocol = "tlsv1+"; 108 protocol = "tlsv1+";
109 verify = (ssl_x509 and { "peer", "client_once", }) or "none"; 109 verify = "none";
110 options = { 110 options = {
111 cipher_server_preference = luasec_has.options.cipher_server_preference; 111 cipher_server_preference = luasec_has.options.cipher_server_preference;
112 no_ticket = luasec_has.options.no_ticket; 112 no_ticket = luasec_has.options.no_ticket;
113 no_compression = luasec_has.options.no_compression and configmanager.get("*", "ssl_compression") ~= true; 113 no_compression = luasec_has.options.no_compression and configmanager.get("*", "ssl_compression") ~= true;
114 single_dh_use = luasec_has.options.single_dh_use; 114 single_dh_use = luasec_has.options.single_dh_use;