Software / code / prosody
Changeset
12150:653a48b5a25b
core.certmanager: Disable DANE name checks (not needed for XMPP)
Pending https://github.com/brunoos/luasec/pull/179
Should not be done globally, but rather only for s2sout, but that would
have to be in mod_tls then.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 16 Sep 2021 09:52:51 +0200 |
| parents | 12149:bbbf0dd90b6d |
| children | 12151:669d93f1db6a |
| files | core/certmanager.lua |
| diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/core/certmanager.lua Tue Jan 04 23:16:02 2022 +0100 +++ b/core/certmanager.lua Thu Sep 16 09:52:51 2021 +0200 @@ -251,7 +251,7 @@ "!3DES", -- 3DES - slow and of questionable security "!aNULL", -- Ciphers that does not authenticate the connection }; - dane = configmanager.get("*", "use_dane"); + dane = luasec_has.capabilities.dane and configmanager.get("*", "use_dane") and { "no_ee_namechecks" }; } local mozilla_ssl_configs = {
