
core/certmanager.lua @ 8404:ca52d40e74da

certmanager: Filter out curves not supported by LuaSec
author Kim Alvefur <zash@zash.se>
date Mon, 20 Nov 2017 00:26:41 +0100
parent 8403:ba39d3a1d42e
child 8405:a3cf899fd61b
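--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -25,10 +25,11 @@
 local new_config = require"util.sslconfig".new;
 local stat = require "lfs".attributes;
 
 local tonumber, tostring = tonumber, tostring;
 local pairs = pairs;
+local t_remove = table.remove;
 local type = type;
 local io_open = io.open;
 local select = select;
 
 local prosody = prosody;
@@ -129,10 +130,21 @@
 "!SRP", -- Secure Remote Password - not used for XMPP
 "!3DES", -- 3DES - slow and of questionable security
 "!aNULL", -- Ciphers that does not authenticate the connection
 };
 }
+
+if luasec_has.curves then
+for i = #core_defaults.curveslist, 1, -1 do
+if not luasec_has.curves[ core_defaults.curveslist[i] ] then
+t_remove(core_defaults.curveslist, i);
+end
+end
+else
+core_defaults.curveslist = nil;
+end
+
 local path_options = { -- These we pass through resolve_path()
 key = true, certificate = true, cafile = true, capath = true, dhparam = true
 }
 
 if luasec_version < 5 and ssl_x509 then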
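Review bot: If LuaSec supports none of the default curves, the reverse loop at new lines 137-141 leaves `core_defaults.curveslist` as an empty table, whereas the `else` branch clears it to nil; what LuaSec does with an empty curve list is not visible here, so the two cases should probably be normalised with `if #core_defaults.curveslist == 0 then core_defaults.curveslist = nil; end` after the loop. The filter also drops curves silently, so an operator cannot tell from logs that the effective key-exchange set was narrowed; a debug-level log line naming each removed curve would help when auditing the server's TLS posture. A short comment such as `-- Drop default curves this LuaSec build does not know; iterate backwards so t_remove does not skip entries` above the loop would document the intent. Only `core_defaults` is filtered in this hunk; whether a curve list set in the user's configuration gets the same treatment is decided outside the visible lines.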