aboutsummaryrefslogtreecommitdiffstats
path: root/core
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2015-02-05 16:59:34 +0100
committerKim Alvefur <zash@zash.se>2015-02-05 16:59:34 +0100
commit664c92cddeaa7ec7e83ff29a62d6f5f701d0ae33 (patch)
treea8d124fab07343cbd0ec4213b697c56a9503617d /core
parent3581c7106770298b5e813bbbf8e20b22d125476f (diff)
downloadprosody-664c92cddeaa7ec7e83ff29a62d6f5f701d0ae33.tar.gz
prosody-664c92cddeaa7ec7e83ff29a62d6f5f701d0ae33.zip
certmanager: Limit certificate chain depth to 9
Diffstat (limited to 'core')
-rw-r--r--core/certmanager.lua1
1 files changed, 1 insertions, 0 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index d92e5fc1..9a0c3deb 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -53,6 +53,7 @@ local global_ssl_config = configmanager.get("*", "ssl");
-- Built-in defaults
local core_defaults = {
capath = "/etc/ssl/certs";
+ depth = 9;
protocol = "tlsv1+";
verify = (ssl_x509 and { "peer", "client_once", }) or "none";
options = {