aboutsummaryrefslogtreecommitdiffstats
path: root/core
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2015-02-05 16:59:34 +0100
committerKim Alvefur <zash@zash.se>2015-02-05 16:59:34 +0100
commit4e762a6e4d734859b307f4a753a6125cd78fc9da (patch)
treea8d124fab07343cbd0ec4213b697c56a9503617d /core
parent74f99c6bdea381f7e253c1036e7e7d4954bdeeef (diff)
downloadprosody-4e762a6e4d734859b307f4a753a6125cd78fc9da.tar.gz
prosody-4e762a6e4d734859b307f4a753a6125cd78fc9da.zip
certmanager: Limit certificate chain depth to 9
Diffstat (limited to 'core')
-rw-r--r--core/certmanager.lua1
1 files changed, 1 insertions, 0 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua
index d92e5fc1..9a0c3deb 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -53,6 +53,7 @@ local global_ssl_config = configmanager.get("*", "ssl");
-- Built-in defaults
local core_defaults = {
capath = "/etc/ssl/certs";
+ depth = 9;
protocol = "tlsv1+";
verify = (ssl_x509 and { "peer", "client_once", }) or "none";
options = {