# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1698426239 -7200
# Node ID 24070d47a6e7a3ddd60f34181dc485a9b9b00e8b
# Parent  7ae000fc8c0729ba218cc6a41d7c8d2a7ed10649
core.certmanager: Validate that 'tls_profile' is one of the valid values

A typo should not result in ending up with "legacy"

diff -r 7ae000fc8c07 -r 24070d47a6e7 core/certmanager.lua
--- a/core/certmanager.lua	Sun Oct 15 14:43:11 2023 +0200
+++ b/core/certmanager.lua	Fri Oct 27 19:03:59 2023 +0200
@@ -336,8 +336,11 @@
 		password = function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end;
 	});
 	local profile = configmanager.get("*", "tls_profile") or "intermediate";
-	if profile ~= "legacy" then
+	if mozilla_ssl_configs[profile] then
 		cfg:apply(mozilla_ssl_configs[profile]);
+	elseif profile ~= "legacy" then
+		log("error", "Invalid value for 'tls_profile': expected one of \"modern\", \"intermediate\" (default), \"old\" or \"legacy\" but got %q", profile);
+		return nil, "Invalid configuration, 'tls_profile' had an unknown value.";
 	end
 	cfg:apply(global_ssl_config);