aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2012-05-19 21:53:43 +0100
committerMatthew Wild <mwild1@gmail.com>2012-05-19 21:53:43 +0100
commit8bc1656f72fd0dbb35b8e4f3ca87f849e8c4401e (patch)
tree8ce84d01a5493ea7c96b5ac2957322b78aa6a282
parent5877694c361f4a12dbf9244bfc0d6ae6ae5778a1 (diff)
downloadprosody-8bc1656f72fd0dbb35b8e4f3ca87f849e8c4401e.tar.gz
prosody-8bc1656f72fd0dbb35b8e4f3ca87f849e8c4401e.zip
certmanager: Don't use no_ticket option before LuaSec 0.4
-rw-r--r--core/certmanager.lua5
1 files changed, 4 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 1b1615a1..f8f449c9 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -17,13 +17,16 @@ local prosody = prosody;
local resolve_path = configmanager.resolve_relative_path;
local config_path = prosody.paths.config;
+local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)");
+local luasec_has_noticket = luasec_major>0 or luasec_minor>=4;
+
module "certmanager"
-- Global SSL options if not overridden per-host
local default_ssl_config = configmanager.get("*", "core", "ssl");
local default_capath = "/etc/ssl/certs";
local default_verify = (ssl and ssl.x509 and { "peer", "client_once", "continue", "ignore_purpose" }) or "none";
-local default_options = { "no_sslv2", "no_ticket" };
+local default_options = { "no_sslv2", luasec_has_noticket and "no_ticket" or nil };
function create_context(host, mode, user_ssl_config)
user_ssl_config = user_ssl_config or default_ssl_config;