Comparison

core/certmanager.lua @ 4359:c69cbac4178f

certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option.
author Waqas Hussain <waqas20@gmail.com>
date Thu, 25 Aug 2011 12:09:16 +0500
parent 3670:d6ba317cbc97
child 4408:21881619a394
4358:86be454168fb 4359:c69cbac4178f
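--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -39,15 +39,23 @@
 certificate = resolve_path(config_path, user_ssl_config.certificate);
 capath = resolve_path(config_path, user_ssl_config.capath or default_capath);
 cafile = resolve_path(config_path, user_ssl_config.cafile);
 verify = user_ssl_config.verify or default_verify;
 options = user_ssl_config.options or default_options;
-ciphers = user_ssl_config.ciphers;
 depth = user_ssl_config.depth;
 };
 
 local ctx, err = ssl_newcontext(ssl_config);
+
+-- LuaSec ignores the cipher list from the config, so we have to take care
+-- of it ourselves (W/A for #x)
+if ctx and user_ssl_config.ciphers then
+local success;
+success, err = ssl.context.setcipher(ctx, user_ssl_config.ciphers);
+if not success then ctx = nil; end
+end
+
 if not ctx then
 err = err or "invalid ssl config"
 local file = err:match("^error loading (.-) %(");
 if file then
 if file == "private key" then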
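Review bot: The cipher restriction is applied only when `user_ssl_config.ciphers` is set, so a context built without that option keeps whatever cipher list the TLS library defaults to, whereas `verify` and `options` both fall back to a project default. Consider a fallback such as `local ciphers = user_ssl_config.ciphers or default_ciphers` (with `default_ciphers` a new constant defined beside the other defaults, outside this hunk) and passing that to `ssl.context.setcipher`. Setting `ctx = nil` when `setcipher` fails is the right fail-closed choice, but the error then goes through the `^error loading` match below, which a cipher error presumably will not match; prefixing it, e.g. `err = "invalid cipher list: "..tostring(err)`, would make the log unambiguous. The comment's `W/A for #x` still carries a placeholder issue number and should name the actual LuaSec ticket or drop the reference. The `if not ctx then` block continues past the end of the hunk.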