aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2017-11-20 00:25:18 +0100
committerKim Alvefur <zash@zash.se>2017-11-20 00:25:18 +0100
commit0315d775b2626b5cb62a73cf84a018f3abda0d7f (patch)
tree9e0e035a4df51125f3da6d2d389285b96b90d4f7
parent65086493687c8c09f08a6cda35a10925ff793a30 (diff)
downloadprosody-0315d775b2626b5cb62a73cf84a018f3abda0d7f.tar.gz
prosody-0315d775b2626b5cb62a73cf84a018f3abda0d7f.zip
certmanager: Change table representing LuaSec capabilities to match capabilities table exposed in LuaSec 0.7
-rw-r--r--core/certmanager.lua33
1 files changed, 20 insertions, 13 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 2be66a21..dd6cabae 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -37,13 +37,20 @@ local config_path = prosody.paths.config or ".";
local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)");
local luasec_version = tonumber(luasec_major) * 100 + tonumber(luasec_minor);
-local luasec_has = {
- -- TODO If LuaSec ever starts exposing these things itself, use that instead
- cipher_server_preference = luasec_version >= 2;
- no_ticket = luasec_version >= 4;
- no_compression = luasec_version >= 5;
- single_dh_use = luasec_version >= 2;
- single_ecdh_use = luasec_version >= 2;
+local luasec_has = softreq"ssl.config" or {
+ algorithms = {
+ ec = luasec_version >= 5;
+ };
+ capabilities = {
+ curves_list = luasec_version >= 7;
+ };
+ options = {
+ cipher_server_preference = luasec_version >= 2;
+ no_ticket = luasec_version >= 4;
+ no_compression = luasec_version >= 5;
+ single_dh_use = luasec_version >= 2;
+ single_ecdh_use = luasec_version >= 2;
+ };
};
local _ENV = nil;
@@ -99,11 +106,11 @@ local core_defaults = {
protocol = "tlsv1+";
verify = (ssl_x509 and { "peer", "client_once", }) or "none";
options = {
- cipher_server_preference = luasec_has.cipher_server_preference;
- no_ticket = luasec_has.no_ticket;
- no_compression = luasec_has.no_compression and configmanager.get("*", "ssl_compression") ~= true;
- single_dh_use = luasec_has.single_dh_use;
- single_ecdh_use = luasec_has.single_ecdh_use;
+ cipher_server_preference = luasec_has.options.cipher_server_preference;
+ no_ticket = luasec_has.options.no_ticket;
+ no_compression = luasec_has.options.no_compression and configmanager.get("*", "ssl_compression") ~= true;
+ single_dh_use = luasec_has.options.single_dh_use;
+ single_ecdh_use = luasec_has.options.single_ecdh_use;
};
verifyext = { "lsec_continue", "lsec_ignore_purpose" };
curve = "secp384r1";
@@ -227,7 +234,7 @@ end
local function reload_ssl_config()
global_ssl_config = configmanager.get("*", "ssl");
global_certificates = configmanager.get("*", "certificates") or "certs";
- if luasec_has.no_compression then
+ if luasec_has.options.no_compression then
core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true;
end
end