prosody
5810166f35d5

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Changeset

11709:5810166f35d5

core.certmanager: Support 'use_dane' setting to enable DANE support Removes the need to enable DANE with two separate settings. Previously you had to also set `ssl = { dane = true }` to activate DANE support in LuaSec and OpenSSL.
author Kim Alvefur <zash@zash.se>
date Sun, 18 Jul 2021 22:46:57 +0200
parents 11708:5ef729c355f3
children 11710:26a8cc9d9eb7
files core/certmanager.lua
diffstat 1 files changed, 2 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/core/certmanager.lua	Sun Jul 18 21:57:24 2021 +0200
+++ b/core/certmanager.lua	Sun Jul 18 22:46:57 2021 +0200
@@ -244,6 +244,7 @@
 		"!3DES",       -- 3DES - slow and of questionable security
 		"!aNULL",      -- Ciphers that does not authenticate the connection
 	};
+	dane = configmanager.get("*", "use_dane");
 }
 
 if luasec_has.curves then
@@ -360,6 +361,7 @@
 	if luasec_has.options.no_compression then
 		core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true;
 	end
+	core_defaults.dane = configmanager.get("*", "use_dane") or false;
 	cert_index = index_certs(resolve_path(config_path, global_certificates));
 end