core.certmanager: Disable DANE name checks (not needed for XMPP) Pending https://github.com/brunoos/luasec/pull/179 Should not be done globally, but rather only for s2sout, but that would have to be in mod_tls then.

author: Kim Alvefur <zash@zash.se>
date: Thu, 16 Sep 2021 09:52:51 +0200
parent: 12120:0fcd80a55f15
child: 12196:b05e0b422ff7
--- a/core/certmanager.lua	Tue Jan 04 23:16:02 2022 +0100
+++ b/core/certmanager.lua	Thu Sep 16 09:52:51 2021 +0200
@@ -251,7 +251,7 @@
 		"!3DES",       -- 3DES - slow and of questionable security
 		"!aNULL",      -- Ciphers that does not authenticate the connection
 	};
-	dane = configmanager.get("*", "use_dane");
+	dane = luasec_has.capabilities.dane and configmanager.get("*", "use_dane") and { "no_ee_namechecks" };
 }
 
 local mozilla_ssl_configs = {