prosody
b05e0b422ff7
core/certmanager.lua
Software / code / prosody
Comparison
core/certmanager.lua @ 12196:b05e0b422ff7
core.certmanager: Apply TLS preset before global settings (thanks Menel)
Allows overriding settings via the global 'ssl' settings as before.
This order was probably accidental. That said, 'ssl' is a giant footgun
we will want to discourage use of.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 18 Jan 2022 08:04:16 +0100 |
| parent | 12150:653a48b5a25b |
| child | 12197:95d25e620dc2 |
comparison
equal
deleted
inserted
replaced
| 12195:c5788969b812 | 12196:b05e0b422ff7 |
|---|---|
| 348 cfg:apply({ | 348 cfg:apply({ |
| 349 mode = mode, | 349 mode = mode, |
| 350 -- We can't read the password interactively when daemonized | 350 -- We can't read the password interactively when daemonized |
| 351 password = function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end; | 351 password = function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end; |
| 352 }); | 352 }); |
| 353 cfg:apply(global_ssl_config); | |
| 354 local preset = configmanager.get("*", "tls_preset") or "intermediate"; | 353 local preset = configmanager.get("*", "tls_preset") or "intermediate"; |
| 355 if preset ~= "legacy" then | 354 if preset ~= "legacy" then |
| 356 cfg:apply(mozilla_ssl_configs[preset]); | 355 cfg:apply(mozilla_ssl_configs[preset]); |
| 357 end | 356 end |
| 357 cfg:apply(global_ssl_config); | |
| 358 | 358 |
| 359 for i = select('#', ...), 1, -1 do | 359 for i = select('#', ...), 1, -1 do |
| 360 cfg:apply(select(i, ...)); | 360 cfg:apply(select(i, ...)); |
| 361 end | 361 end |
| 362 local user_ssl_config = cfg:final(); | 362 local user_ssl_config = cfg:final(); |
