diff options
author | Waqas Hussain <waqas20@gmail.com> | 2011-08-25 12:09:16 +0500 |
---|---|---|
committer | Waqas Hussain <waqas20@gmail.com> | 2011-08-25 12:09:16 +0500 |
commit | c405d599c519ac1235e9d243142167988225d481 (patch) | |
tree | dfb49fc6903678325f96684aa8f6487860615360 | |
parent | e583053022f8d0dcdbe24fe2786e93cfd25ef320 (diff) | |
download | prosody-c405d599c519ac1235e9d243142167988225d481.tar.gz prosody-c405d599c519ac1235e9d243142167988225d481.zip |
certmanager: Support setting ciphers in SSL config. LuaSec apparently ignores the documented ciphers option.
-rw-r--r-- | core/certmanager.lua | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index 0dc0bfd4..7b8ca9e1 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -41,11 +41,19 @@ function create_context(host, mode, user_ssl_config) cafile = resolve_path(config_path, user_ssl_config.cafile); verify = user_ssl_config.verify or default_verify; options = user_ssl_config.options or default_options; - ciphers = user_ssl_config.ciphers; depth = user_ssl_config.depth; }; local ctx, err = ssl_newcontext(ssl_config); + + -- LuaSec ignores the cipher list from the config, so we have to take care + -- of it ourselves (W/A for #x) + if ctx and user_ssl_config.ciphers then + local success; + success, err = ssl.context.setcipher(ctx, user_ssl_config.ciphers); + if not success then ctx = nil; end + end + if not ctx then err = err or "invalid ssl config" local file = err:match("^error loading (.-) %("); |