# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1397514731 -7200
# Node ID 6999d4415a58e6638f3d33e8d8cc1efe6c1d81ba
# Parent  e0713386319ab31ee1583e3da6adae430d972de9
certmanager: Merge ssl.options, verify etc from core defaults and global ssl settings with inheritance while allowing options to be disabled per virtualhost

diff -r e0713386319a -r 6999d4415a58 core/certmanager.lua
--- a/core/certmanager.lua	Mon Apr 14 23:41:26 2014 +0200
+++ b/core/certmanager.lua	Tue Apr 15 00:32:11 2014 +0200
@@ -46,6 +46,9 @@
 local path_options = { -- These we pass through resolve_path()
 	key = true, certificate = true, cafile = true, capath = true, dhparam = true
 }
+local set_options = {
+	options = true, verify = true, verifyext = true
+}
 
 if ssl and not luasec_has_verifyext and ssl.x509 then
 	-- COMPAT mw/luasec-hg
@@ -62,6 +65,18 @@
 	end
 end
 
+local function merge_set(t, o)
+	if type(t) ~= "table" then t = { t } end
+	for k,v in pairs(t) do
+		if v == true or v == false then
+			o[k] = v;
+		else
+			o[v] = true;
+		end
+	end
+	return o;
+end
+
 function create_context(host, mode, user_ssl_config)
 	user_ssl_config = user_ssl_config or {}
 	user_ssl_config.mode = mode;
@@ -82,6 +97,20 @@
 		end
 	end
 
+	for option in pairs(set_options) do
+		local merged = {};
+		merge_set(core_defaults[option], merged);
+		merge_set(global_ssl_config[option], merged);
+		merge_set(user_ssl_config[option], merged);
+		local final_array = {};
+		for opt, enable in pairs(merged) do
+			if enable then
+				final_array[#final_array+1] = opt;
+			end
+		end
+		user_ssl_config[option] = final_array;
+	end
+
 	-- We can't read the password interactively when daemonized
 	user_ssl_config.password = user_ssl_config.password or
 		function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end;