diff options
| author | Kim Alvefur <zash@zash.se> | 2022-01-18 08:04:16 +0100 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2022-01-18 08:04:16 +0100 |
| commit | 8edd063114c2f0c5931643d6b75cea13a93da636 (patch) | |
| tree | d4ba88abc98c4f57d51988c9e462ee7f00a1234d | |
| parent | d595ebf9e1707a75d2c9190ad53a34ab3cde99ca (diff) | |
| download | prosody-8edd063114c2f0c5931643d6b75cea13a93da636.tar.gz prosody-8edd063114c2f0c5931643d6b75cea13a93da636.zip | |
core.certmanager: Apply TLS preset before global settings (thanks Menel)
Allows overriding settings via the global 'ssl' settings as before.
This order was probably accidental. That said, 'ssl' is a giant footgun
we will want to discourage use of.
| -rw-r--r-- | core/certmanager.lua | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index bde98621..a7a44a4c 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -350,11 +350,11 @@ local function create_context(host, mode, ...) -- We can't read the password interactively when daemonized password = function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end; }); - cfg:apply(global_ssl_config); local preset = configmanager.get("*", "tls_preset") or "intermediate"; if preset ~= "legacy" then cfg:apply(mozilla_ssl_configs[preset]); end + cfg:apply(global_ssl_config); for i = select('#', ...), 1, -1 do cfg:apply(select(i, ...)); |