aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2014-04-21 02:43:09 +0200
committerKim Alvefur <zash@zash.se>2014-04-21 02:43:09 +0200
commit3674d9327763a1c9a69d86d72680de1651fa6511 (patch)
tree73e02e9b4d97c54ca4174f92bc32ab207926250e
parent84ab9b78050508f04edaecdf502d111247ab1c75 (diff)
downloadprosody-3674d9327763a1c9a69d86d72680de1651fa6511.tar.gz
prosody-3674d9327763a1c9a69d86d72680de1651fa6511.zip
certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph)
-rw-r--r--core/certmanager.lua17
1 files changed, 9 insertions, 8 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index ced17e58..74da771e 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -16,6 +16,7 @@ local pairs = pairs;
local type = type;
local io_open = io.open;
local t_concat = table.concat;
+local t_insert = table.insert;
local prosody = prosody;
local resolve_path = configmanager.resolve_relative_path;
@@ -100,14 +101,6 @@ function create_context(host, mode, user_ssl_config)
end
end
- local min_protocol = protocols[user_ssl_config.protocol];
- if min_protocol then
- user_ssl_config.protocol = "sslv23";
- for i = min_protocol, 1, -1 do
- user_ssl_config.options["no_"..protocols[i]] = true;
- end
- end
-
for option in pairs(set_options) do
local merged = {};
merge_set(core_defaults[option], merged);
@@ -124,6 +117,14 @@ function create_context(host, mode, user_ssl_config)
user_ssl_config[option] = final_array;
end
+ local min_protocol = protocols[user_ssl_config.protocol];
+ if min_protocol then
+ user_ssl_config.protocol = "sslv23";
+ for i = 1, min_protocol do
+ t_insert(user_ssl_config.options, "no_"..protocols[i]);
+ end
+ end
+
-- We can't read the password interactively when daemonized
user_ssl_config.password = user_ssl_config.password or
function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end;