diff options
author | Kim Alvefur <zash@zash.se> | 2014-04-21 02:43:09 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2014-04-21 02:43:09 +0200 |
commit | 2b09f7cffb7c04ec127d75b2776d8938f8ac2441 (patch) | |
tree | 73e02e9b4d97c54ca4174f92bc32ab207926250e | |
parent | aa3344731d2636073d39c3a2641d02813bd29019 (diff) | |
download | prosody-2b09f7cffb7c04ec127d75b2776d8938f8ac2441.tar.gz prosody-2b09f7cffb7c04ec127d75b2776d8938f8ac2441.zip |
certmanager: Move ssl.protocol handling to after ssl.options is a table (thanks Ralph)
-rw-r--r-- | core/certmanager.lua | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index ced17e58..74da771e 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -16,6 +16,7 @@ local pairs = pairs; local type = type; local io_open = io.open; local t_concat = table.concat; +local t_insert = table.insert; local prosody = prosody; local resolve_path = configmanager.resolve_relative_path; @@ -100,14 +101,6 @@ function create_context(host, mode, user_ssl_config) end end - local min_protocol = protocols[user_ssl_config.protocol]; - if min_protocol then - user_ssl_config.protocol = "sslv23"; - for i = min_protocol, 1, -1 do - user_ssl_config.options["no_"..protocols[i]] = true; - end - end - for option in pairs(set_options) do local merged = {}; merge_set(core_defaults[option], merged); @@ -124,6 +117,14 @@ function create_context(host, mode, user_ssl_config) user_ssl_config[option] = final_array; end + local min_protocol = protocols[user_ssl_config.protocol]; + if min_protocol then + user_ssl_config.protocol = "sslv23"; + for i = 1, min_protocol do + t_insert(user_ssl_config.options, "no_"..protocols[i]); + end + end + -- We can't read the password interactively when daemonized user_ssl_config.password = user_ssl_config.password or function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end; |