# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1378206811 -7200
# Node ID 20e2b588f8c25e0d4996410fc2930c621599584f
# Parent  b93d096607b437d0901b129e88559e3f8a01ccc8
certmanager: Allow for specifying the dhparam option as a path to a file instead of a callback

diff -r b93d096607b4 -r 20e2b588f8c2 core/certmanager.lua
--- a/core/certmanager.lua	Tue Sep 03 12:11:11 2013 +0100
+++ b/core/certmanager.lua	Tue Sep 03 13:13:31 2013 +0200
@@ -72,6 +72,17 @@
 		dhparam = user_ssl_config.dhparam;
 	};
 
+	-- LuaSec expects dhparam to be a callback that takes two arguments.
+	-- We ignore those because it is mostly used for having a separate
+	-- set of params for EXPORT ciphers, which we don't have by default.
+	if type(user_ssl_config.dhparam) == "string" then
+		local f, err = io_open(resolve_path(user_ssl_config.dhparam));
+		if not f then return nil, "Could not open DH parameters: "..err end
+		local dhparam = f:read("*a");
+		f:close();
+		user_ssl_config.dhparam = function() return dhparam; end
+	end
+
 	local ctx, err = ssl_newcontext(ssl_config);
 
 	-- COMPAT: LuaSec 0.4.1 ignores the cipher list from the config, so we have to take