aboutsummaryrefslogtreecommitdiffstats
path: root/core
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2010-11-28 21:09:55 +0000
committerMatthew Wild <mwild1@gmail.com>2010-11-28 21:09:55 +0000
commit1a9eab004c001f27147470c6f7791a81f7a4f283 (patch)
treeecb8951c58fd84eead8645e0196127b2e1f6285e /core
parent29d4e18cf29e77b0e7eb1028a488f2c6d041127c (diff)
downloadprosody-1a9eab004c001f27147470c6f7791a81f7a4f283.tar.gz
prosody-1a9eab004c001f27147470c6f7791a81f7a4f283.zip
certmanager: Add required verify flags for cert verification if LuaSec (probably) supports them
Diffstat (limited to 'core')
-rw-r--r--core/certmanager.lua6
1 files changed, 4 insertions, 2 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index 7f1ca42e..0dc0bfd4 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -22,6 +22,8 @@ module "certmanager"
-- Global SSL options if not overridden per-host
local default_ssl_config = configmanager.get("*", "core", "ssl");
local default_capath = "/etc/ssl/certs";
+local default_verify = (ssl and ssl.x509 and { "peer", "client_once", "continue", "ignore_purpose" }) or "none";
+local default_options = { "no_sslv2" };
function create_context(host, mode, user_ssl_config)
user_ssl_config = user_ssl_config or default_ssl_config;
@@ -37,8 +39,8 @@ function create_context(host, mode, user_ssl_config)
certificate = resolve_path(config_path, user_ssl_config.certificate);
capath = resolve_path(config_path, user_ssl_config.capath or default_capath);
cafile = resolve_path(config_path, user_ssl_config.cafile);
- verify = user_ssl_config.verify or "none";
- options = user_ssl_config.options or "no_sslv2";
+ verify = user_ssl_config.verify or default_verify;
+ options = user_ssl_config.options or default_options;
ciphers = user_ssl_config.ciphers;
depth = user_ssl_config.depth;
};