diff options
author | Kim Alvefur <zash@zash.se> | 2015-02-05 16:20:50 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2015-02-05 16:20:50 +0100 |
commit | bf57457852e5e629a179266be549784c6ac0aeda (patch) | |
tree | 23df8b51ef3744a8a72690685800e59708c524c4 /core | |
parent | fb96020a96a45c0980b980cce62f1cabcff53b00 (diff) | |
download | prosody-bf57457852e5e629a179266be549784c6ac0aeda.tar.gz prosody-bf57457852e5e629a179266be549784c6ac0aeda.zip |
certmanager: Improve "detection" of features that depend on LuaSec version
Diffstat (limited to 'core')
-rw-r--r-- | core/certmanager.lua | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index 8bdb6b82..3de3f7f7 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -34,11 +34,16 @@ local prosody = prosody; local resolve_path = require"util.paths".resolve_relative_path; local config_path = prosody.paths.config; -local luasec_has_noticket, luasec_has_verifyext, luasec_has_no_compression; local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)"); -luasec_has_noticket = tonumber(luasec_major)>0 or tonumber(luasec_minor)>=4; -luasec_has_verifyext = tonumber(luasec_major)>0 or tonumber(luasec_minor)>=5; -luasec_has_no_compression = tonumber(luasec_major)>0 or tonumber(luasec_minor)>=5; +local luasec_version = luasec_major * 100 + luasec_minor; +local luasec_has = { + -- TODO If LuaSec ever starts exposing these things itself, use that instead + cipher_server_preference = true; + no_ticket = luasec_version >= 4; + no_compression = luasec_version >= 5; + single_dh_use = luasec_version >= 5; + single_ecdh_use = luasec_version >= 5; +}; module "certmanager" @@ -51,12 +56,11 @@ local core_defaults = { protocol = "tlsv1+"; verify = (ssl_x509 and { "peer", "client_once", }) or "none"; options = { - cipher_server_preference = true; - no_ticket = luasec_has_noticket; - no_compression = luasec_has_no_compression and configmanager.get("*", "ssl_compression") ~= true; - -- Has no_compression? Then it has these too... - single_dh_use = luasec_has_no_compression; - single_ecdh_use = luasec_has_no_compression; + cipher_server_preference = luasec_has.cipher_server_preference; + no_ticket = luasec_has.no_ticket; + no_compression = luasec_has.no_compression and configmanager.get("*", "ssl_compression") ~= true; + single_dh_use = luasec_has.single_dh_use; + single_ecdh_use = luasec_has.single_ecdh_use; }; verifyext = { "lsec_continue", "lsec_ignore_purpose" }; curve = "secp384r1"; @@ -151,7 +155,7 @@ end function reload_ssl_config() global_ssl_config = configmanager.get("*", "ssl"); - if luasec_has_no_compression then + if luasec_has.no_compression then core_defaults.options.no_compression = configmanager.get("*", "ssl_compression") ~= true; end end |