Software / code / prosody
Changeset
13291:24070d47a6e7 0.12
core.certmanager: Validate that 'tls_profile' is one of the valid values
A typo should not result in ending up with "legacy"
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 27 Oct 2023 19:03:59 +0200 |
| parents | 13267:7ae000fc8c07 |
| children | 13292:8fbdd878fcf6 13378:db30ffbf2090 |
| files | core/certmanager.lua |
| diffstat | 1 files changed, 4 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/core/certmanager.lua Sun Oct 15 14:43:11 2023 +0200 +++ b/core/certmanager.lua Fri Oct 27 19:03:59 2023 +0200 @@ -336,8 +336,11 @@ password = function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end; }); local profile = configmanager.get("*", "tls_profile") or "intermediate"; - if profile ~= "legacy" then + if mozilla_ssl_configs[profile] then cfg:apply(mozilla_ssl_configs[profile]); + elseif profile ~= "legacy" then + log("error", "Invalid value for 'tls_profile': expected one of \"modern\", \"intermediate\" (default), \"old\" or \"legacy\" but got %q", profile); + return nil, "Invalid configuration, 'tls_profile' had an unknown value."; end cfg:apply(global_ssl_config);
