Changeset
13502:61da4491eebc
util.sslconfig: Support DH parameters as literal string
Simplifies shipping well-known DH parameters in the config
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 12 Jul 2024 15:21:08 +0200 |
parents | 13501:05f028de4c45 |
children | 13503:8b68e8faab52 |
files | net/tls_luasec.lua util/sslconfig.lua |
diffstat | 2 files changed, 16 insertions(+), 3 deletions(-) [+] |
--- a/net/tls_luasec.lua Thu Jul 11 15:25:57 2024 +0200
+++ b/net/tls_luasec.lua Fri Jul 12 15:21:08 2024 +0200
@@ -54,7 +54,10 @@
 -- LuaSec expects dhparam to be a callback that takes two arguments.
 -- We ignore those because it is mostly used for having a separate
 -- set of params for EXPORT ciphers, which we don't have by default.
- if type(cfg.dhparam) == "string" then
+ if type(cfg.dhparam) == "string" and cfg.dhparam:sub(1, 10) == "-----BEGIN" then
+ local dhparam = cfg.dhparam;
+ cfg.dhparam = function() return dhparam; end
+ elseif type(cfg.dhparam) == "string" then
 local f, err = io_open(cfg.dhparam);
 if not f then return nil, "Could not open DH parameters: "..err end
 local dhparam = f:read("*a");
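Review bot: The new first branch treats `cfg.dhparam` as literal PEM on a 10-character prefix alone, so any string beginning with `-----BEGIN` (a certificate or key block pasted by mistake, or a truncated block) is wrapped in the callback unchecked. The failure then presumably surfaces only when LuaSec invokes the callback, not at load time the way the `io_open` error below does. Matching the full label would reject such input early, e.g. `cfg.dhparam:find("^%-%-%-%-%-BEGIN [%w%. ]*DH PARAMETERS%-%-%-%-%-")`. The same prefix test is repeated in `finalisers.dhparam` in util/sslconfig.lua, so one shared helper would keep the two checks from drifting apart. The enclosing function starts and ends outside this hunk.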
--- a/util/sslconfig.lua Thu Jul 11 15:25:57 2024 +0200
+++ b/util/sslconfig.lua Fri Jul 12 15:21:08 2024 +0200
@@ -84,8 +84,18 @@
 finalisers.certificate = finalisers.key;
 finalisers.cafile = finalisers.key;
 finalisers.capath = finalisers.key;
--- XXX: copied from core/certmanager.lua, but this seems odd, because it would remove a dhparam function from the config
-finalisers.dhparam = finalisers.key;
+
+function finalisers.dhparam(value, config)
+ if type(value) == "string" then
+ if value:sub(1, 10) == "-----BEGIN" then
+ -- literal value
+ return value;
+ else
+ -- assume a filename
+ return resolve_path(config._basedir, value);
+ end
+ end
+end
 -- protocol = "x" should enable only that protocol
 -- protocol = "x+" should enable x and later versions
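Review bot: `finalisers.dhparam` has no return for a non-string `value`, so it yields nil for a function-valued dhparam, which is the behaviour the deleted `XXX` comment flagged as odd. The commit removes that comment but, as far as this hunk shows, not the behaviour. If the caller stores the finaliser's result (the caller is outside the hunk, so this is inferred from the old comment), an operator-supplied callback is silently dropped and the TLS context is built without those parameters. Either pass other values through with a trailing `return value;` after the outer `if` block, or keep the drop and document it with a comment such as `-- non-string values (e.g. a callback) are intentionally discarded`.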