Software /
code /
prosody
Comparison
core/certmanager.lua @ 4359:c69cbac4178f
certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option.
author | Waqas Hussain <waqas20@gmail.com> |
---|---|
date | Thu, 25 Aug 2011 12:09:16 +0500 |
parent | 3670:d6ba317cbc97 |
child | 4408:21881619a394 |
comparison
equal
deleted
inserted
replaced
4358:86be454168fb | 4359:c69cbac4178f |
---|---|
39 certificate = resolve_path(config_path, user_ssl_config.certificate); | 39 certificate = resolve_path(config_path, user_ssl_config.certificate); |
40 capath = resolve_path(config_path, user_ssl_config.capath or default_capath); | 40 capath = resolve_path(config_path, user_ssl_config.capath or default_capath); |
41 cafile = resolve_path(config_path, user_ssl_config.cafile); | 41 cafile = resolve_path(config_path, user_ssl_config.cafile); |
42 verify = user_ssl_config.verify or default_verify; | 42 verify = user_ssl_config.verify or default_verify; |
43 options = user_ssl_config.options or default_options; | 43 options = user_ssl_config.options or default_options; |
44 ciphers = user_ssl_config.ciphers; | |
45 depth = user_ssl_config.depth; | 44 depth = user_ssl_config.depth; |
46 }; | 45 }; |
47 | 46 |
48 local ctx, err = ssl_newcontext(ssl_config); | 47 local ctx, err = ssl_newcontext(ssl_config); |
48 | |
49 -- LuaSec ignores the cipher list from the config, so we have to take care | |
50 -- of it ourselves (W/A for #x) | |
51 if ctx and user_ssl_config.ciphers then | |
52 local success; | |
53 success, err = ssl.context.setcipher(ctx, user_ssl_config.ciphers); | |
54 if not success then ctx = nil; end | |
55 end | |
56 | |
49 if not ctx then | 57 if not ctx then |
50 err = err or "invalid ssl config" | 58 err = err or "invalid ssl config" |
51 local file = err:match("^error loading (.-) %("); | 59 local file = err:match("^error loading (.-) %("); |
52 if file then | 60 if file then |
53 if file == "private key" then | 61 if file == "private key" then |