diff options
| author | Kim Alvefur <zash@zash.se> | 2017-11-20 00:25:18 +0100 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2017-11-20 00:25:18 +0100 |
| commit | 30ba266c2cee24251e2e0cb01cb331d37171acc9 (patch) | |
| tree | 9e0e035a4df51125f3da6d2d389285b96b90d4f7 | |
| parent | c96c44f64d7d49463ab5779fb028ba7a349310af (diff) | |
| download | prosody-30ba266c2cee24251e2e0cb01cb331d37171acc9.tar.gz prosody-30ba266c2cee24251e2e0cb01cb331d37171acc9.zip | |
certmanager: Change table representing LuaSec capabilities to match capabilities table exposed in LuaSec 0.7
| -rw-r--r-- | core/certmanager.lua | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index 2be66a21..dd6cabae 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -37,13 +37,20 @@ local config_path = prosody.paths.config or "."; local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)"); local luasec_version = tonumber(luasec_major) * 100 + tonumber(luasec_minor); -local luasec_has = { - -- TODO If LuaSec ever starts exposing these things itself, use that instead - cipher_server_preference = luasec_version >= 2; - no_ticket = luasec_version >= 4; - no_compression = luasec_version >= 5; - single_dh_use = luasec_version >= 2; - single_ecdh_use = luasec_version >= 2; +local luasec_has = softreq"ssl.config" or { + algorithms = { + ec = luasec_version >= 5; + }; + capabilities = { + curves_list = luasec_version >= 7; + }; + options = { + cipher_server_preference = luasec_version >= 2; + no_ticket = luasec_version >= 4; + no_compression = luasec_version >= 5; + single_dh_use = luasec_version >= 2; + single_ecdh_use = luasec_version >= 2; + }; }; local _ENV = nil; @@ -99,11 +106,11 @@ local core_defaults = { protocol = "tlsv1+"; verify = (ssl_x509 and { "peer", "client_once", }) or "none"; options = { - cipher_server_preference = luasec_has.cipher_server_preference; - no_ticket = luasec_has.no_ticket; - no_compression = luasec_has.no_compression and configmanager.get("*", "ssl_compression") ~= true; - single_dh_use = luasec_has.single_dh_use; - single_ecdh_use = luasec_has.single_ecdh_use; + cipher_server_preference = luasec_has.options.cipher_server_preference; + no_ticket = luasec_has.options.no_ticket; + no_compression = luasec_has.options.no_compression and configmanager.get("*", "ssl_compression") ~= true; + single_dh_use = luasec_has.options.single_dh_use; + single_ecdh_use = luasec_has.options.single_ecdh_use; }; verifyext = { "lsec_continue", "lsec_ignore_purpose" }; curve = "secp384r1"; @@ -227,7 +234,7 @@ end local function reload_ssl_config() global_ssl_config = configmanager.get("*", "ssl"); global_certificates = configmanager.get("*", "certificates") or "certs"; - if luasec_has.no_compression then + if luasec_has.options.no_compression then core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true; end end |