# HG changeset patch # User Kim Alvefur # Date 1511140929 -3600 # Node ID e39edc6d152368c000ca9f1e6647219c6cf66506 # Parent 469afa02947b0c5134bfd1fdcda380ae09a3e44e# Parent a3cf899fd61b72fb9e16ce743172f75a72a15ec6 Merge 0.10->trunk diff -r 469afa02947b -r e39edc6d1523 core/certmanager.lua --- a/core/certmanager.lua Sun Nov 19 21:00:43 2017 +0100 +++ b/core/certmanager.lua Mon Nov 20 02:22:09 2017 +0100 @@ -27,6 +27,7 @@ local tonumber, tostring = tonumber, tostring; local pairs = pairs; +local t_remove = table.remove; local type = type; local io_open = io.open; local select = select; @@ -37,13 +38,20 @@ local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)"); local luasec_version = tonumber(luasec_major) * 100 + tonumber(luasec_minor); -local luasec_has = { - -- TODO If LuaSec ever starts exposing these things itself, use that instead - cipher_server_preference = luasec_version >= 2; - no_ticket = luasec_version >= 4; - no_compression = luasec_version >= 5; - single_dh_use = luasec_version >= 2; - single_ecdh_use = luasec_version >= 2; +local luasec_has = softreq"ssl.config" or { + algorithms = { + ec = luasec_version >= 5; + }; + capabilities = { + curves_list = luasec_version >= 7; + }; + options = { + cipher_server_preference = luasec_version >= 2; + no_ticket = luasec_version >= 4; + no_compression = luasec_version >= 5; + single_dh_use = luasec_version >= 2; + single_ecdh_use = luasec_version >= 2; + }; }; local _ENV = nil; @@ -99,14 +107,14 @@ protocol = "tlsv1+"; verify = (ssl_x509 and { "peer", "client_once", }) or "none"; options = { - cipher_server_preference = luasec_has.cipher_server_preference; - no_ticket = luasec_has.no_ticket; - no_compression = luasec_has.no_compression and configmanager.get("*", "ssl_compression") ~= true; - single_dh_use = luasec_has.single_dh_use; - single_ecdh_use = luasec_has.single_ecdh_use; + cipher_server_preference = luasec_has.options.cipher_server_preference; + no_ticket = luasec_has.options.no_ticket; + no_compression = luasec_has.options.no_compression and configmanager.get("*", "ssl_compression") ~= true; + single_dh_use = luasec_has.options.single_dh_use; + single_ecdh_use = luasec_has.options.single_ecdh_use; }; verifyext = { "lsec_continue", "lsec_ignore_purpose" }; - curve = "secp384r1"; + curve = luasec_has.algorithms.ec and not luasec_has.capabilities.curves_list and "secp384r1"; curveslist = { "X25519", "P-384", @@ -124,6 +132,17 @@ "!aNULL", -- Ciphers that does not authenticate the connection }; } + +if luasec_has.curves then + for i = #core_defaults.curveslist, 1, -1 do + if not luasec_has.curves[ core_defaults.curveslist[i] ] then + t_remove(core_defaults.curveslist, i); + end + end +else + core_defaults.curveslist = nil; +end + local path_options = { -- These we pass through resolve_path() key = true, certificate = true, cafile = true, capath = true, dhparam = true } @@ -227,7 +246,7 @@ local function reload_ssl_config() global_ssl_config = configmanager.get("*", "ssl"); global_certificates = configmanager.get("*", "certificates") or "certs"; - if luasec_has.no_compression then + if luasec_has.options.no_compression then core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true; end end diff -r 469afa02947b -r e39edc6d1523 plugins/mod_debug_sql.lua --- a/plugins/mod_debug_sql.lua Sun Nov 19 21:00:43 2017 +0100 +++ b/plugins/mod_debug_sql.lua Mon Nov 20 02:22:09 2017 +0100 @@ -2,6 +2,8 @@ -- -- luacheck: ignore 213/uri +module:set_global(); + local engines = module:shared("/*/sql/connections"); for uri, engine in pairs(engines) do