diff options
author | Kim Alvefur <zash@zash.se> | 2021-07-18 22:46:57 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2021-07-18 22:46:57 +0200 |
commit | 4d26d4cb157143e7a9e4a0418fff9d8841cc9928 (patch) | |
tree | 2a208a1692d3c08eed2baa4cb41c4a503d0cd23d | |
parent | 360eda6cd3551f5023c7f5c0d5100bf8b6320f69 (diff) | |
download | prosody-4d26d4cb157143e7a9e4a0418fff9d8841cc9928.tar.gz prosody-4d26d4cb157143e7a9e4a0418fff9d8841cc9928.zip |
core.certmanager: Support 'use_dane' setting to enable DANE support
Removes the need to enable DANE with two separate settings.
Previously you had to also set `ssl = { dane = true }` to activate DANE
support in LuaSec and OpenSSL.
-rw-r--r-- | core/certmanager.lua | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index 753eb4d5..7c7fc150 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -244,6 +244,7 @@ local core_defaults = { "!3DES", -- 3DES - slow and of questionable security "!aNULL", -- Ciphers that does not authenticate the connection }; + dane = configmanager.get("*", "use_dane"); } if luasec_has.curves then @@ -360,6 +361,7 @@ local function reload_ssl_config() if luasec_has.options.no_compression then core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true; end + core_defaults.dane = configmanager.get("*", "use_dane") or false; cert_index = index_certs(resolve_path(config_path, global_certificates)); end |