authorKim Alvefur <zash@zash.se>2023-11-04 15:59:51 +0100
committerKim Alvefur <zash@zash.se>2023-11-04 15:59:51 +0100
commit7b6a2f64e227a2cd41c1925d8dda7944ac450f46 (patch)
tree16dcc6b3750c69ec6276f4c6ee346e2a39a7d716
parent717ea33160ab8c1617b03ad0e292b6235881c568 (diff)
core.certmanager: Handle dane context setting same way on reload as on initialization
-rw-r--r--core/certmanager.lua8
1 files changed, 7 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 183680ee..263797e5 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -369,7 +369,13 @@ local function reload_ssl_config()
if tls.features.options.no_compression then
core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true;
end
- core_defaults.dane = configmanager.get("*", "use_dane") or false;
+ if not configmanager.get("*", "use_dane") then
+ core_defaults.dane = false;
+ elseif tls.features.capabilities.dane then
+ core_defaults.dane = { "no_ee_namechecks" };
+ else
+ core_defaults.dane = true;
+ end
cert_index = index_certs(resolve_path(config_path, global_certificates));
end
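Review bot: The three-way `use_dane` branch added in reload_ssl_config() looks, going by the commit title, like a second copy of logic in the initialization path, which is not visible in this hunk. Keeping two copies is how startup and reload can drift apart again. Consider one local helper that both paths call, for example a hypothetical `core_defaults.dane = dane_setting(configmanager.get("*", "use_dane"));`. The `{ "no_ee_namechecks" }` branch also deserves a comment, such as `-- DANE-EE TLSA records pin the leaf certificate or key itself, so name checks are skipped for them`, because the flag relaxes hostname verification and a reader should see that this is deliberate. reload_ssl_config() begins above the hunk, so the rest of its body was not reviewed.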