# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1398041018 -7200
# Node ID 61403eb023bf8823038b6f3f422338731317894a
# Parent  be10c6c5aa7f3024107e45397d93e963c2583a78# Parent  d774cb85664b4ca3000ef1f19a72de46dd41c66f
Merge 0.10->trunk

diff -r be10c6c5aa7f -r 61403eb023bf core/certmanager.lua
--- a/core/certmanager.lua	Sun Apr 20 23:39:45 2014 +0200
+++ b/core/certmanager.lua	Mon Apr 21 02:43:38 2014 +0200
@@ -16,6 +16,7 @@
 local type = type;
 local io_open = io.open;
 local t_concat = table.concat;
+local t_insert = table.insert;
 
 local prosody = prosody;
 local resolve_path = configmanager.resolve_relative_path;
@@ -100,14 +101,6 @@
 		end
 	end
 
-	local min_protocol = protocols[user_ssl_config.protocol];
-	if min_protocol then
-		user_ssl_config.protocol = "sslv23";
-		for i = min_protocol, 1, -1 do
-			user_ssl_config.options["no_"..protocols[i]] = true;
-		end
-	end
-
 	for option in pairs(set_options) do
 		local merged = {};
 		merge_set(core_defaults[option], merged);
@@ -124,6 +117,14 @@
 		user_ssl_config[option] = final_array;
 	end
 
+	local min_protocol = protocols[user_ssl_config.protocol];
+	if min_protocol then
+		user_ssl_config.protocol = "sslv23";
+		for i = 1, min_protocol do
+			t_insert(user_ssl_config.options, "no_"..protocols[i]);
+		end
+	end
+
 	-- We can't read the password interactively when daemonized
 	user_ssl_config.password = user_ssl_config.password or
 		function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end;