# HG changeset patch # User Kim Alvefur # Date 1626641217 -7200 # Node ID 5810166f35d5cb13dbedbc65b23dd6125e629d01 # Parent 5ef729c355f3449ef7597357a08f96241b74e7a6 core.certmanager: Support 'use_dane' setting to enable DANE support Removes the need to enable DANE with two separate settings. Previously you had to also set `ssl = { dane = true }` to activate DANE support in LuaSec and OpenSSL. diff -r 5ef729c355f3 -r 5810166f35d5 core/certmanager.lua --- a/core/certmanager.lua Sun Jul 18 21:57:24 2021 +0200 +++ b/core/certmanager.lua Sun Jul 18 22:46:57 2021 +0200 @@ -244,6 +244,7 @@ "!3DES", -- 3DES - slow and of questionable security "!aNULL", -- Ciphers that does not authenticate the connection }; + dane = configmanager.get("*", "use_dane"); } if luasec_has.curves then @@ -360,6 +361,7 @@ if luasec_has.options.no_compression then core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true; end + core_defaults.dane = configmanager.get("*", "use_dane") or false; cert_index = index_certs(resolve_path(config_path, global_certificates)); end