aboutsummaryrefslogtreecommitdiffstats
path: root/core/certmanager.lua
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2021-09-16 09:52:51 +0200
committerKim Alvefur <zash@zash.se>2021-09-16 09:52:51 +0200
commit3b2c39901a24d660aaf3d220448d8a49df5c6fcf (patch)
treed6fdae321250d1e22e7f160eca2f410ee38df320 /core/certmanager.lua
parent91172308d6b888a34ee190ca703d7a80cfbd21bc (diff)
downloadprosody-3b2c39901a24d660aaf3d220448d8a49df5c6fcf.tar.gz
prosody-3b2c39901a24d660aaf3d220448d8a49df5c6fcf.zip
core.certmanager: Disable DANE name checks (not needed for XMPP)
Pending https://github.com/brunoos/luasec/pull/179 Should not be done globally, but rather only for s2sout, but that would have to be in mod_tls then.
Diffstat (limited to 'core/certmanager.lua')
-rw-r--r--core/certmanager.lua2
1 files changed, 1 insertions, 1 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index efb01d50..bde98621 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -251,7 +251,7 @@ local core_defaults = {
"!3DES", -- 3DES - slow and of questionable security
"!aNULL", -- Ciphers that does not authenticate the connection
};
- dane = configmanager.get("*", "use_dane");
+ dane = luasec_has.capabilities.dane and configmanager.get("*", "use_dane") and { "no_ee_namechecks" };
}
local mozilla_ssl_configs = {