Diff

core/certmanager.lua @ 6079:5cffee5b2826

certmanager: Reformat core ssl defaults
author Kim Alvefur <zash@zash.se>
date Tue, 15 Apr 2014 00:49:17 +0200
parent 6078:30ac122acdd3
child 6080:b7d1607df87d
line wrap: on
line diff
--- a/core/certmanager.lua	Tue Apr 15 00:45:07 2014 +0200
+++ b/core/certmanager.lua	Tue Apr 15 00:49:17 2014 +0200
@@ -34,11 +34,19 @@
 -- Global SSL options if not overridden per-host
 local global_ssl_config = configmanager.get("*", "ssl");
 
+-- Built-in defaults
 local core_defaults = {
 	capath = "/etc/ssl/certs";
 	protocol = "tlsv1+";
 	verify = (ssl and ssl.x509 and { "peer", "client_once", }) or "none";
-	options = { "cipher_server_preference", luasec_has_noticket and "no_ticket" or nil };
+	options = {
+		cipher_server_preference = true;
+		no_ticket = luasec_has_noticket;
+		no_compression = luasec_has_no_compression and configmanager.get("*", "ssl_compression") ~= true;
+		-- Has no_compression? Then it has these too...
+		single_dh_use = luasec_has_no_compression;
+		single_ecdh_use = luasec_has_no_compression;
+	};
 	verifyext = { "lsec_continue", "lsec_ignore_purpose" };
 	curve = "secp384r1";
 	ciphers = "HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL";
@@ -57,14 +65,6 @@
 	end
 end
 
-if luasec_has_no_compression then -- Has no_compression? Then it has these too...
-	core_defaults.options[#core_defaults.options+1] = "single_dh_use";
-	core_defaults.options[#core_defaults.options+1] = "single_ecdh_use";
-	if configmanager.get("*", "ssl_compression") ~= true then
-		core_defaults.options[#core_defaults.options+1] = "no_compression";
-	end
-end
-
 local function merge_set(t, o)
 	if type(t) ~= "table" then t = { t } end
 	for k,v in pairs(t) do