diff options
author | Kim Alvefur <zash@zash.se> | 2023-11-04 15:59:51 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2023-11-04 15:59:51 +0100 |
commit | 7b6a2f64e227a2cd41c1925d8dda7944ac450f46 (patch) | |
tree | 16dcc6b3750c69ec6276f4c6ee346e2a39a7d716 | |
parent | 717ea33160ab8c1617b03ad0e292b6235881c568 (diff) | |
download | prosody-7b6a2f64e227a2cd41c1925d8dda7944ac450f46.tar.gz prosody-7b6a2f64e227a2cd41c1925d8dda7944ac450f46.zip |
core.certmanager: Handle dane context setting same way on reload as on initialization
-rw-r--r-- | core/certmanager.lua | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index 183680ee..263797e5 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -369,7 +369,13 @@ local function reload_ssl_config() if tls.features.options.no_compression then core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true; end - core_defaults.dane = configmanager.get("*", "use_dane") or false; + if not configmanager.get("*", "use_dane") then + core_defaults.dane = false; + elseif tls.features.capabilities.dane then + core_defaults.dane = { "no_ee_namechecks" }; + else + core_defaults.dane = true; + end cert_index = index_certs(resolve_path(config_path, global_certificates)); end |