aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2014-04-15 00:32:11 +0200
committerKim Alvefur <zash@zash.se>2014-04-15 00:32:11 +0200
commit01c2957f0296cee49cca7af4d6fedc13ffbb7cbd (patch)
tree9d7e42e354e64115857302fec25cd9aaf360a830
parentff3d811e6a6f2ec5bce62683be48fe5121245ef3 (diff)
downloadprosody-01c2957f0296cee49cca7af4d6fedc13ffbb7cbd.tar.gz
prosody-01c2957f0296cee49cca7af4d6fedc13ffbb7cbd.zip
certmanager: Merge ssl.options, verify etc from core defaults and global ssl settings with inheritance while allowing options to be disabled per virtualhost
-rw-r--r--core/certmanager.lua29
1 files changed, 29 insertions, 0 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 5cbec241..cf745ad2 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -46,6 +46,9 @@ local core_defaults = {
local path_options = { -- These we pass through resolve_path()
key = true, certificate = true, cafile = true, capath = true, dhparam = true
}
+local set_options = {
+ options = true, verify = true, verifyext = true
+}
if ssl and not luasec_has_verifyext and ssl.x509 then
-- COMPAT mw/luasec-hg
@@ -62,6 +65,18 @@ if luasec_has_no_compression then -- Has no_compression? Then it has these too..
end
end
+local function merge_set(t, o)
+ if type(t) ~= "table" then t = { t } end
+ for k,v in pairs(t) do
+ if v == true or v == false then
+ o[k] = v;
+ else
+ o[v] = true;
+ end
+ end
+ return o;
+end
+
function create_context(host, mode, user_ssl_config)
user_ssl_config = user_ssl_config or {}
user_ssl_config.mode = mode;
@@ -82,6 +97,20 @@ function create_context(host, mode, user_ssl_config)
end
end
+ for option in pairs(set_options) do
+ local merged = {};
+ merge_set(core_defaults[option], merged);
+ merge_set(global_ssl_config[option], merged);
+ merge_set(user_ssl_config[option], merged);
+ local final_array = {};
+ for opt, enable in pairs(merged) do
+ if enable then
+ final_array[#final_array+1] = opt;
+ end
+ end
+ user_ssl_config[option] = final_array;
+ end
+
-- We can't read the password interactively when daemonized
user_ssl_config.password = user_ssl_config.password or
function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end;