Software /
code /
prosody
Comparison
core/certmanager.lua @ 12196:b05e0b422ff7
core.certmanager: Apply TLS preset before global settings (thanks Menel)
Allows overriding settings via the global 'ssl' settings as before.
This order was probably accidental. That said, 'ssl' is a giant footgun
we will want to discourage use of.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 18 Jan 2022 08:04:16 +0100 |
parent | 12150:653a48b5a25b |
child | 12197:95d25e620dc2 |
comparison
equal
deleted
inserted
replaced
12195:c5788969b812 | 12196:b05e0b422ff7 |
---|---|
348 cfg:apply({ | 348 cfg:apply({ |
349 mode = mode, | 349 mode = mode, |
350 -- We can't read the password interactively when daemonized | 350 -- We can't read the password interactively when daemonized |
351 password = function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end; | 351 password = function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end; |
352 }); | 352 }); |
353 cfg:apply(global_ssl_config); | |
354 local preset = configmanager.get("*", "tls_preset") or "intermediate"; | 353 local preset = configmanager.get("*", "tls_preset") or "intermediate"; |
355 if preset ~= "legacy" then | 354 if preset ~= "legacy" then |
356 cfg:apply(mozilla_ssl_configs[preset]); | 355 cfg:apply(mozilla_ssl_configs[preset]); |
357 end | 356 end |
357 cfg:apply(global_ssl_config); | |
358 | 358 |
359 for i = select('#', ...), 1, -1 do | 359 for i = select('#', ...), 1, -1 do |
360 cfg:apply(select(i, ...)); | 360 cfg:apply(select(i, ...)); |
361 end | 361 end |
362 local user_ssl_config = cfg:final(); | 362 local user_ssl_config = cfg:final(); |