# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1626641217 -7200
# Node ID 5810166f35d5cb13dbedbc65b23dd6125e629d01
# Parent  5ef729c355f3449ef7597357a08f96241b74e7a6
core.certmanager: Support 'use_dane' setting to enable DANE support

Removes the need to enable DANE with two separate settings.
Previously you had to also set `ssl = { dane = true }` to activate DANE
support in LuaSec and OpenSSL.

diff -r 5ef729c355f3 -r 5810166f35d5 core/certmanager.lua
--- a/core/certmanager.lua	Sun Jul 18 21:57:24 2021 +0200
+++ b/core/certmanager.lua	Sun Jul 18 22:46:57 2021 +0200
@@ -244,6 +244,7 @@
 		"!3DES",       -- 3DES - slow and of questionable security
 		"!aNULL",      -- Ciphers that does not authenticate the connection
 	};
+	dane = configmanager.get("*", "use_dane");
 }
 
 if luasec_has.curves then
@@ -360,6 +361,7 @@
 	if luasec_has.options.no_compression then
 		core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true;
 	end
+	core_defaults.dane = configmanager.get("*", "use_dane") or false;
 	cert_index = index_certs(resolve_path(config_path, global_certificates));
 end