aboutsummaryrefslogtreecommitdiffstats
path: root/core
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2017-11-20 00:26:41 +0100
committerKim Alvefur <zash@zash.se>2017-11-20 00:26:41 +0100
commitaa6ed63bd8e08c3db5c2b364883e91bd28cea2f4 (patch)
tree03eb1fb96258d6e89b14091510ce9d24948032d1 /core
parent30ba266c2cee24251e2e0cb01cb331d37171acc9 (diff)
downloadprosody-aa6ed63bd8e08c3db5c2b364883e91bd28cea2f4.tar.gz
prosody-aa6ed63bd8e08c3db5c2b364883e91bd28cea2f4.zip
certmanager: Filter out curves not supported by LuaSec
Diffstat (limited to 'core')
-rw-r--r--core/certmanager.lua12
1 files changed, 12 insertions, 0 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index dd6cabae..e13a5d8e 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -27,6 +27,7 @@ local stat = require "lfs".attributes;
local tonumber, tostring = tonumber, tostring;
local pairs = pairs;
+local t_remove = table.remove;
local type = type;
local io_open = io.open;
local select = select;
@@ -131,6 +132,17 @@ local core_defaults = {
"!aNULL", -- Ciphers that does not authenticate the connection
};
}
+
+if luasec_has.curves then
+ for i = #core_defaults.curveslist, 1, -1 do
+ if not luasec_has.curves[ core_defaults.curveslist[i] ] then
+ t_remove(core_defaults.curveslist, i);
+ end
+ end
+else
+ core_defaults.curveslist = nil;
+end
+
local path_options = { -- These we pass through resolve_path()
key = true, certificate = true, cafile = true, capath = true, dhparam = true
}