# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1631778771 -7200
# Node ID 653a48b5a25b17fb3f70b58f54cb06af2fccba8c
# Parent  bbbf0dd90b6d87c03d4995a5e96abef5bb5b7f32
core.certmanager: Disable DANE name checks (not needed for XMPP)

Pending https://github.com/brunoos/luasec/pull/179

Should not be done globally, but rather only for s2sout, but that would
have to be in mod_tls then.

diff -r bbbf0dd90b6d -r 653a48b5a25b core/certmanager.lua
--- a/core/certmanager.lua	Tue Jan 04 23:16:02 2022 +0100
+++ b/core/certmanager.lua	Thu Sep 16 09:52:51 2021 +0200
@@ -251,7 +251,7 @@
 		"!3DES",       -- 3DES - slow and of questionable security
 		"!aNULL",      -- Ciphers that does not authenticate the connection
 	};
-	dane = configmanager.get("*", "use_dane");
+	dane = luasec_has.capabilities.dane and configmanager.get("*", "use_dane") and { "no_ee_namechecks" };
 }
 
 local mozilla_ssl_configs = {