diff options
author | Kim Alvefur <zash@zash.se> | 2015-02-05 16:59:34 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2015-02-05 16:59:34 +0100 |
commit | 4e762a6e4d734859b307f4a753a6125cd78fc9da (patch) | |
tree | a8d124fab07343cbd0ec4213b697c56a9503617d /core | |
parent | 74f99c6bdea381f7e253c1036e7e7d4954bdeeef (diff) | |
download | prosody-4e762a6e4d734859b307f4a753a6125cd78fc9da.tar.gz prosody-4e762a6e4d734859b307f4a753a6125cd78fc9da.zip |
certmanager: Limit certificate chain depth to 9
Diffstat (limited to 'core')
-rw-r--r-- | core/certmanager.lua | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/core/certmanager.lua b/core/certmanager.lua index d92e5fc1..9a0c3deb 100644 --- a/core/certmanager.lua +++ b/core/certmanager.lua @@ -53,6 +53,7 @@ local global_ssl_config = configmanager.get("*", "ssl"); -- Built-in defaults local core_defaults = { capath = "/etc/ssl/certs"; + depth = 9; protocol = "tlsv1+"; verify = (ssl_x509 and { "peer", "client_once", }) or "none"; options = { |