prosody
ba39d3a1d42e
core/certmanager.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

core/certmanager.lua @ 8403:ba39d3a1d42e

certmanager: Change table representing LuaSec capabilities to match capabilities table exposed in LuaSec 0.7
author Kim Alvefur <zash@zash.se>
date Mon, 20 Nov 2017 00:25:18 +0100
parent 8279:92cddfe65003
child 8404:ca52d40e74da
comparison
equal deleted inserted replaced
8391:5edb0d01a94f 8403:ba39d3a1d42e
35 local resolve_path = require"util.paths".resolve_relative_path; 35 local resolve_path = require"util.paths".resolve_relative_path;
36 local config_path = prosody.paths.config or "."; 36 local config_path = prosody.paths.config or ".";
37 37
38 local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)"); 38 local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)");
39 local luasec_version = tonumber(luasec_major) * 100 + tonumber(luasec_minor); 39 local luasec_version = tonumber(luasec_major) * 100 + tonumber(luasec_minor);
40 local luasec_has = { 40 local luasec_has = softreq"ssl.config" or {
41 -- TODO If LuaSec ever starts exposing these things itself, use that instead 41 algorithms = {
42 cipher_server_preference = luasec_version >= 2; 42 ec = luasec_version >= 5;
43 no_ticket = luasec_version >= 4; 43 };
44 no_compression = luasec_version >= 5; 44 capabilities = {
45 single_dh_use = luasec_version >= 2; 45 curves_list = luasec_version >= 7;
46 single_ecdh_use = luasec_version >= 2; 46 };
47 options = {
48 cipher_server_preference = luasec_version >= 2;
49 no_ticket = luasec_version >= 4;
50 no_compression = luasec_version >= 5;
51 single_dh_use = luasec_version >= 2;
52 single_ecdh_use = luasec_version >= 2;
53 };
47 }; 54 };
48 55
49 local _ENV = nil; 56 local _ENV = nil;
50 57
51 -- Global SSL options if not overridden per-host 58 -- Global SSL options if not overridden per-host
97 capath = "/etc/ssl/certs"; 104 capath = "/etc/ssl/certs";
98 depth = 9; 105 depth = 9;
99 protocol = "tlsv1+"; 106 protocol = "tlsv1+";
100 verify = (ssl_x509 and { "peer", "client_once", }) or "none"; 107 verify = (ssl_x509 and { "peer", "client_once", }) or "none";
101 options = { 108 options = {
102 cipher_server_preference = luasec_has.cipher_server_preference; 109 cipher_server_preference = luasec_has.options.cipher_server_preference;
103 no_ticket = luasec_has.no_ticket; 110 no_ticket = luasec_has.options.no_ticket;
104 no_compression = luasec_has.no_compression and configmanager.get("*", "ssl_compression") ~= true; 111 no_compression = luasec_has.options.no_compression and configmanager.get("*", "ssl_compression") ~= true;
105 single_dh_use = luasec_has.single_dh_use; 112 single_dh_use = luasec_has.options.single_dh_use;
106 single_ecdh_use = luasec_has.single_ecdh_use; 113 single_ecdh_use = luasec_has.options.single_ecdh_use;
107 }; 114 };
108 verifyext = { "lsec_continue", "lsec_ignore_purpose" }; 115 verifyext = { "lsec_continue", "lsec_ignore_purpose" };
109 curve = "secp384r1"; 116 curve = "secp384r1";
110 curveslist = { 117 curveslist = {
111 "X25519", 118 "X25519",
225 end 232 end
226 233
227 local function reload_ssl_config() 234 local function reload_ssl_config()
228 global_ssl_config = configmanager.get("*", "ssl"); 235 global_ssl_config = configmanager.get("*", "ssl");
229 global_certificates = configmanager.get("*", "certificates") or "certs"; 236 global_certificates = configmanager.get("*", "certificates") or "certs";
230 if luasec_has.no_compression then 237 if luasec_has.options.no_compression then
231 core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true; 238 core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true;
232 end 239 end
233 end 240 end
234 241
235 prosody.events.add_handler("config-reloaded", reload_ssl_config); 242 prosody.events.add_handler("config-reloaded", reload_ssl_config);