author | Kim Alvefur <zash@zash.se> | 2023-10-27 19:03:59 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2023-10-27 19:03:59 +0200 |
commit | e8128c1d608cb18b1d1e913395fb9b897dd4525e (patch) | |
tree | a3c7138dccba606e10a8c725c6e1041435ec5ede | |
parent | 4d9916d1e545be30cac7310e8ee8167cd89dc5c2 (diff) | |
download | prosody-e8128c1d608cb18b1d1e913395fb9b897dd4525e.tar.gz prosody-e8128c1d608cb18b1d1e913395fb9b897dd4525e.zip |
core.certmanager: Validate that 'tls_profile' is one of the valid values
A typo should not result in ending up with "legacy"
-rw-r--r-- | core/certmanager.lua | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index c6310473..6a46588c 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -336,8 +336,11 @@ local function create_context(host, mode, ...)
 password = function() log("error", "Encrypted certificate for %s requires 'ssl' 'password' to be set in config", host); end;
 });
 local profile = configmanager.get("*", "tls_profile") or "intermediate";
- if profile ~= "legacy" then
+ if mozilla_ssl_configs[profile] then
 cfg:apply(mozilla_ssl_configs[profile]);
+ elseif profile ~= "legacy" then
+ log("error", "Invalid value for 'tls_profile': expected one of \"modern\", \"intermediate\" (default), \"old\" or \"legacy\" but got %q", profile);
+ return nil, "Invalid configuration, 'tls_profile' had an unknown value.";
 end
 cfg:apply(global_ssl_config); |
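Review bot: The accepted profile names in the new `log("error", ...)` line are written out by hand, separately from the `mozilla_ssl_configs` lookup that actually decides validity, so the message can drift if a profile is added to or renamed in that table. The `"legacy"` case is now the one path that falls through both branches and builds a context with no Mozilla profile applied, which deserves a comment above the `elseif`, for example `-- "legacy": no Mozilla profile is applied; the context keeps whatever the remaining config sets`. Presumably `mozilla_ssl_configs` has no "legacy" entry, but the hunk does not show the table. Returning `nil, err` makes a typo fail closed instead of silently weakening TLS settings. Whether every caller of `create_context` handles the nil context is not visible here, since the function starts and ends outside the hunk.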