diff options
author | Kim Alvefur <zash@zash.se> | 2015-02-05 16:59:34 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2015-02-05 16:59:34 +0100 |
commit | 664c92cddeaa7ec7e83ff29a62d6f5f701d0ae33 (patch) | |
tree | a8d124fab07343cbd0ec4213b697c56a9503617d /core | |
parent | 3581c7106770298b5e813bbbf8e20b22d125476f (diff) | |
download | prosody-664c92cddeaa7ec7e83ff29a62d6f5f701d0ae33.tar.gz prosody-664c92cddeaa7ec7e83ff29a62d6f5f701d0ae33.zip |
certmanager: Limit certificate chain depth to 9
Diffstat (limited to 'core')
-rw-r--r-- | core/certmanager.lua | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index d92e5fc1..9a0c3deb 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -53,6 +53,7 @@ local global_ssl_config = configmanager.get("*", "ssl"); -- Built-in defaults local core_defaults = { capath = "/etc/ssl/certs"; + depth = 9; protocol = "tlsv1+"; verify = (ssl_x509 and { "peer", "client_once", }) or "none"; options = { |