core/certmanager.lua @ 6089:d774cb85664b
certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph)
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 21 Apr 2014 02:43:09 +0200 |
| parent | 6087:821756a862b0 |
| child | 6165:6a184b16b717 |
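--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -14,10 +14,11 @@
 local tostring = tostring;
 local pairs = pairs;
 local type = type;
 local io_open = io.open;
 local t_concat = table.concat;
+local t_insert = table.insert;
 
 local prosody = prosody;
 local resolve_path = configmanager.resolve_relative_path;
 local config_path = prosody.paths.config;
 
@@ -98,18 +99,10 @@
 if user_ssl_config[option] == nil then
 user_ssl_config[option] = default_value;
 end
 end
 
-local min_protocol = protocols[user_ssl_config.protocol];
-if min_protocol then
-user_ssl_config.protocol = "sslv23";
-for i = min_protocol, 1, -1 do
-user_ssl_config.options["no_"..protocols[i]] = true;
-end
-end
-
 for option in pairs(set_options) do
 local merged = {};
 merge_set(core_defaults[option], merged);
 if global_ssl_config then
 merge_set(global_ssl_config[option], merged);
@@ -120,10 +113,18 @@
 if enable then
 final_array[#final_array+1] = opt;
 end
 end
 user_ssl_config[option] = final_array;
+end
+
+local min_protocol = protocols[user_ssl_config.protocol];
+if min_protocol then
+user_ssl_config.protocol = "sslv23";
+for i = 1, min_protocol do
+t_insert(user_ssl_config.options, "no_"..protocols[i]);
+end
 end
 
 -- We can't read the password interactively when daemonized
 user_ssl_config.password = user_ssl_config.password or
 function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end;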
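Review bot: The relocated minimum-protocol block (new lines 120-126) now depends on running after the `for option in pairs(set_options)` loop, because `t_insert(user_ssl_config.options, ...)` needs `options` to already be the array assigned from `final_array`, and nothing in the code states that. A comment above the block, such as `-- Must stay after the set_options merge: options is an array of flag names here`, would keep a later reorder from silently dropping the `no_*` protocol restrictions or raising on a non-table. The appended entries also bypass the merge, so a `no_*` name already enabled by the defaults or the user config can end up in the array twice; that is presumably harmless to the TLS library, but worth confirming. The enclosing function starts and ends outside the visible lines.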